At a glance: Hewlett Packard Enterprise (HPE) released security updates addressing multiple vulnerabilities in Aruba Networking AOS-CX, including a critical authentication bypass flaw (CVE-2026-23813) affecting the web-based management interface of Aruba CX-series switches. The vulnerability carries a CVSS score of 9.8 and could allow an unauthenticated remote attacker to bypass authentication and potentially reset the administrator password, leading to full administrative control of the affected switch.
Threat summary
On March 10, Hewlett Packard Enterprise (HPE) published Security Bulletin HPESBNW05027 and released Aruba Networking AOS-CX software updates addressing multiple vulnerabilities, including one rated critical.
The bulletin covers five issues affecting AOS‑CX, a network operating system used on Aruba CX-series campus and data center switch platforms. AOS-CX is described by HPE as a cloud‑native network operating system designed for the CX switching family.
According to HPE, the vulnerabilities impact the management plane of affected switches and include authentication bypass, command injection, and URL redirection conditions.
The most severe of the flaws, CVE-2026-23813, affects the web‑based management interface of AOS-CX, which is commonly enabled for configuration and monitoring in on‑premises and managed service environments.
According to HPE’s advisory, the vulnerability allows an unauthenticated remote actor to bypass authentication controls and, in some cases, reset the administrator password. HPE assigned a Common Vulnerability Scoring System version 3.1 base score of 9.8, reflecting low attack complexity.
The worst‑case outcome is full administrative control of the affected switch, allowing changes that could disrupt network operations or weaken security controls.
HPE identified affected software branches as AOS-CX:
- 10.17.xxxx (10.17.0001 and below)
- 10.16.xxxx (10.16.1020 and below)
- 10.13.xxxx (10.13.1160 and below)
- 10.10.xxxx (10.10.1170 and below)
The bulletin notes that AOS-CX versions that have reached end of support are also expected to be affected unless otherwise stated. HPE further lists multiple Aruba CX switch series within scope of the advisory, including CX 6000, 6100, 6200F, 6300, 6400, 8320, 8325, 8360, 8400, 9300, and others.
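The version ranges above are the kind of thing that gets mis-read in a hurry (a build of "0001" versus "1020", a branch that is not listed at all), so a small, explicit check is useful when sweeping a switch inventory. The following is an example written for this article, not HPE tooling: it takes the four branch ceilings exactly as quoted from the bulletin, parses an AOS-CX version string of the form MAJOR.MINOR.BUILD (an assumption about the format based on the strings above), and reports whether a build falls inside the listed affected range. Branches the bulletin does not list are reported as "not-listed" rather than guessed at, since the text only says that end-of-support branches are expected to be affected unless otherwise stated. The hostnames and versions in the sample inventory are constructed.

```python
"""Classify AOS-CX version strings against the affected branches quoted from
HPESBNW05027 in the article above. Example code for this article, not HPE's.
Assumes the version format 'MAJOR.MINOR.BUILD' (e.g. '10.16.1020')."""
from typing import Dict, List, Tuple

# Highest affected build per branch, as listed in the bulletin text above:
# "10.17.0001 and below", "10.16.1020 and below", etc.
AFFECTED_CEILINGS: Dict[Tuple[int, int], int] = {
    (10, 17): 1,
    (10, 16): 1020,
    (10, 13): 1160,
    (10, 10): 1170,
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Split 'MAJOR.MINOR.BUILD' into integers; leading zeros in BUILD are fine."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised AOS-CX version string: {version!r}")
    major, minor, build = (int(p) for p in parts)
    return major, minor, build


def classify(version: str) -> str:
    """Return 'affected', 'not-in-affected-range', or 'not-listed'.

    'not-listed' means the MAJOR.MINOR branch does not appear in the bulletin's
    list; the article notes end-of-support branches are expected to be affected,
    so such results still need a manual check against the bulletin.
    """
    major, minor, build = parse_version(version)
    ceiling = AFFECTED_CEILINGS.get((major, minor))
    if ceiling is None:
        return "not-listed"
    return "affected" if build <= ceiling else "not-in-affected-range"


def sweep(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group switch names by classification for a {switch: version} inventory."""
    groups: Dict[str, List[str]] = {}
    for switch, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(switch)
    return groups


# Constructed sample inventory (switch names and versions are made up).
SAMPLE_INVENTORY = {
    "core-a": "10.16.1020",   # exactly at the listed ceiling: affected
    "core-b": "10.16.1021",   # one build above the ceiling
    "dist-1": "10.17.0001",   # '0001' parses as build 1: affected
    "dist-2": "10.13.1160",
    "edge-9": "10.14.1000",   # branch not in the bulletin's list
}

if __name__ == "__main__":
    for group, switches in sweep(SAMPLE_INVENTORY).items():
        print(f"{group}: {', '.join(switches)}")
```

Treat "not-in-affected-range" as "above the range the bulletin names", not as a confirmation that the build carries the fix; confirm the fixed build numbers against the bulletin itself before closing a finding.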
As of the bulletin’s release on March 10, HPE stated that it was not aware of any public discussion or exploit code targeting these vulnerabilities. The advisory also states that HPE had not identified proof‑of‑concept code or evidence of exploitation in the wild at that time.
Analysis
Because AOS-CX runs on switches that often operate at the core or distribution layers of enterprise networks, compromise of the management plane has direct implications for network integrity, availability, and segmentation. Administrative control of switching infrastructure can affect traffic flows, access controls, and downstream security enforcement across connected environments.
Applying the vendor-supplied updates removes the authentication bypass condition described in CVE-2026-23813.
For environments where immediate upgrades are not feasible, HPE documented compensating controls intended to reduce exposure of the management plane. These include:
- Isolating management interfaces on a dedicated Layer 2 segment or virtual local area network
- Enforcing Layer 3 access restrictions to trusted hosts
- Disabling Hypertext Transfer Protocol and Hypertext Transfer Protocol Secure on interfaces where management access is not required
- Applying control plane access control lists to web‑based and application programming interface management endpoints
HPE also recommends enabling accounting, logging, and monitoring of management interface activity to support detection of unauthorized access attempts. These measures reduce the reachable attack surface, but do not eliminate the underlying vulnerability while affected systems remain unpatched.
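To make the last two points concrete (restricting management access to trusted hosts, and logging so that unauthorized attempts are visible), here is an added example of the triage a defender would run over management-interface logs while systems are still unpatched. It is written for this article and is not HPE code; the key=value log format, the device names, the trusted management subnet and the source addresses are all constructed and do not reflect AOS-CX's real log layout. It flags two things the advisory makes relevant: any management access from outside the trusted host set, and any administrator password change, rated critical when it comes from an untrusted source.

```python
"""Triage constructed management-interface log lines for (a) access from
outside the trusted management hosts and (b) administrator password changes.
Example written for this article; the log format and all addresses and
hostnames are constructed, not AOS-CX's real output."""
import ipaddress
from typing import Dict, List

# Assumed trusted management hosts (the article's 'Layer 3 access restrictions
# to trusted hosts'); constructed for this example.
TRUSTED_MGMT = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample log: timestamp, device, 'mgmt', then key=value fields.
SAMPLE_LOG = """\
2026-03-11T09:14:02Z sw-core-01 mgmt src=10.0.5.23 user=netops action=login result=ok
2026-03-11T09:15:40Z sw-core-01 mgmt src=10.0.5.23 user=netops action=show-config result=ok
2026-03-11T09:21:07Z sw-core-01 mgmt src=198.51.100.77 user=- action=login result=ok
2026-03-11T09:21:09Z sw-core-01 mgmt src=198.51.100.77 user=admin action=password-change target=admin result=ok
2026-03-11T09:30:00Z sw-dist-04 mgmt src=10.0.5.40 user=netops action=login result=fail
"""


def parse_line(line: str) -> Dict[str, str]:
    """Parse one constructed log line into a flat dict of fields."""
    fields = line.split()
    if len(fields) < 3 or fields[2] != "mgmt":
        raise ValueError(f"not a management log line: {line!r}")
    rec = {"ts": fields[0], "device": fields[1]}
    for token in fields[3:]:
        key, _, value = token.partition("=")
        rec[key] = value
    return rec


def is_trusted(src: str) -> bool:
    """True if the source address lies inside a trusted management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_MGMT)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious condition, in log order."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        src = rec.get("src", "")
        untrusted = bool(src) and not is_trusted(src)
        if untrusted:
            findings.append({**rec, "finding": "mgmt-access-from-untrusted-source"})
        if rec.get("action") == "password-change" and rec.get("target") == "admin":
            # An admin password reset is the worst case the advisory describes;
            # from an untrusted source it warrants immediate escalation.
            severity = "critical" if untrusted else "review"
            findings.append({**rec, "finding": f"admin-password-change:{severity}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']} {f['device']} src={f.get('src')} -> {f['finding']}")
```

The "review" severity for an in-network admin password change is deliberate: a change from a trusted host is routine, but still worth correlating with change tickets while the bypass is unpatched, since the compensating controls narrow who can reach the interface rather than fixing the flaw.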