← Back

CVE-2026-23809

nvd nist
Published: Mar 4, 2026Modified: Mar 9, 2026

JSON object

Loading...
7.6
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Exploitability: 2.8 / Impact: 4.7
Source: NVD

Description

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.

Affected (6)

Arubanetworks
1 product
Arubaos
Configuration A
6 vulnerable · 17 platform
Vulnerable SoftwareAffected Versions
Arubanetworks
Arubaos
From 10.3.0.0 to 10.4.1.10
Arubaos
From 10.5.0.0 to 10.7.2.2
Arubaos
From 6.5.4.0 to 8.10.0.21
Arubaos
From 8.11.0.0 to 8.12.0.6
Arubaos
From 8.13.0.0 to 8.13.1.1
Arubaos
Version 10.8.0.0
Running on/withPlatform Versions
Arubanetworks
7010
All versions
Arubanetworks
7030
All versions
Arubanetworks
7205
All versions
Arubanetworks
7210
All versions
Arubanetworks
7220
All versions
Arubanetworks
7240xm
All versions
Arubanetworks
7280
All versions
Arubanetworks
9004
All versions
Arubanetworks
9004 Lte
All versions
Arubanetworks
9012
All versions
Arubanetworks
9106
All versions
Arubanetworks
9114
All versions
Arubanetworks
9240
All versions
Arubanetworks
Ap 634
All versions
Arubanetworks
Ap 635
All versions
Arubanetworks
Ap 654
All versions
Arubanetworks
Ap 655
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (1)

Source: security-alert@hpe.com
Vendor Advisory

Timeline

No history available yet.