CVE-2026-23817

Published: Mar 11, 2026Modified: May 13, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.

Affected (4)

Products: Hpe: Arubaos Cx

Hpe

1 product

Arubaos Cx

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Hpe Arubaos Cx	From 10.06.0000 to 10.10.1180
Hpe Arubaos Cx	From 10.13.0000 to 10.13.1161
Hpe Arubaos Cx	From 10.16.0000 to 10.16.1030
Hpe Arubaos Cx	From 10.17.0000 to 10.17.1001

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.