CVE-2026-23815

Summary

A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)AOS-CX10.17.0000 <= 10.17.0001affected
Hewlett Packard Enterprise (HPE)AOS-CX10.16.0000 <= 10.16.1020affected
Hewlett Packard Enterprise (HPE)AOS-CX10.13.0000 <= 10.13.1101affected
Hewlett Packard Enterprise (HPE)AOS-CX10.10.0000 <= 10.10.1170affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References