{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3-1/specification-document",
      "text": "N/A"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "HPE Aruba Networking has released AOS-CX software patches to address multiple security vulnerabilities.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "HPE Aruba Networking AOS-CX Software Version(s):\n\n    - AOS-CX 10.16.xxxx: 10.16.1000 and below\n    - AOS-CX 10.15.xxxx: 10.15.1020 and below\n    - AOS-CX 10.14.xxxx: 10.14.1050 and below\n    - AOS-CX 10.13.xxxx: 10.13.1090 and below\n    - AOS-CX 10.10.xxxx: 10.10.1160 and below\n\nSoftware versions of AOS-CX that are End of Support at the time of publication of this security advisory are expected to be affected by these vulnerabilities unless otherwise indicated.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "Any other supported AOS-CX software versions not listed under the Affected Products section of this advisory are not known to be affected by the disclosed vulnerabilities.",
        "title": "Unaffected Products"
      },
      {
        "category": "other",
        "text": "HPE Aruba Networking is not aware of any public discussion or exploit code targeting these specific vulnerabilities as of the release date of the advisory, except for the Rsync vulnerabilities (CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747), which have already been publicly disclosed through the VINCE CERT Coordination Center, and the OpenSSH vulnerability CVE-2025-26466, which has also already been publicly disclosed by Red Hat and is described at https://access.redhat.com/security/cve/CVE-2025-26466.\n\nScoring for public CVEs that have already been disclosed is based on generally accepted NVD scores. The scores of these publicly disclosed vulnerabilities do not account for the different attack conditions present in AOS-CX, which substantially reduce the likelihood of their exploitation, as mentioned in the Affected Products section.\n\nMore information can be found at: https://www.kb.cert.org/vuls/id/952657",
        "title": "Exploitation and Public Discussion"
      },
      {
        "category": "general",
        "text": "Complete information on reporting security vulnerabilities in HPE Aruba Networking products and obtaining assistance with security incidents is available at: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us. For reporting *NEW* HPE Aruba Networking security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public key can be found at: https://www.hpe.com/info/psrt-pgp-key",
        "title": "Aruba SIRT Security Procedures"
      },
      {
        "category": "legal_disclaimer",
        "text": "(c) Copyright 2025 by Hewlett Packard Enterprise Development LP. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Email: aruba-product-sirt@hpe.com - For further details please see https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us",
      "issuing_authority": "HPE Aruba Networking’s Security Incident Response Team (SIRT) is responsible for receiving, tracking, managing, and disclosing vulnerabilities in HPE Aruba Networking products. The HPE Aruba Networking SIRT actively works with industry, non-profit and government organizations, and the security community when vulnerabilities are reported. \nA security vulnerability is defined as any weakness in a product that allows an attacker to compromise the confidentiality, integrity, or availability of a product, customer infrastructure, or IT system through an HPE Aruba Networking product in that environment.",
      "name": "HPE Aruba Networking",
      "namespace": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us"
    },
    "references": [
      {
        "summary": "Original Advisory",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US"
      },
      {
        "summary": "HPE Aruba Networking Security Advisory Archive",
        "url": "https://csaf.arubanetworks.com/"
      },
      {
        "summary": "HPE Aruba Networking Product Security Incident Response Policy",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us"
      }
    ],
    "title": "HPE Aruba Networking AOS-CX, Multiple Vulnerabilities",
    "tracking": {
      "current_release_date": "2025-11-18T17:00:00.000Z",
      "generator": {
        "date": "2025-11-18T00:07:35.694Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.39"
        }
      },
      "id": "HPESBNW04888",
      "initial_release_date": "2025-11-18T17:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-11-18T17:00:00.000Z",
          "number": "1",
          "summary": "Initial release"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "AOS-CX 10.16.1006",
                "product": {
                  "name": "AOS-CX",
                  "product_id": "10.16.1006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "AOS-CX 10.15.1030",
                "product": {
                  "name": "AOS-CX",
                  "product_id": "10.15.1030",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "AOS-CX 10.14.1060",
                "product": {
                  "name": "AOS-CX",
                  "product_id": "10.14.1060",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "AOS-CX 10.13.1101",
                "product": {
                  "name": "AOS-CX",
                  "product_id": "10.13.1101",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "AOS-CX 10.10.1170",
                "product": {
                  "name": "AOS-CX",
                  "product_id": "10.10.1170",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=10.16.0000|<=10.16.1000",
                "product": {
                  "name": "AOS-CX",
                  "product_id": ">=10.16.0000|<=10.16.1000",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=10.15.0000|<=10.15.1020",
                "product": {
                  "name": "AOS-CX",
                  "product_id": ">=10.15.0000|<=10.15.1020",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=10.14.0000|<=10.14.1050",
                "product": {
                  "name": "AOS-CX",
                  "product_id": ">=10.14.0000|<=10.14.1050",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=10.13.0000|<=10.13.1090",
                "product": {
                  "name": "AOS-CX",
                  "product_id": ">=10.13.0000|<=10.13.1090",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/>=10.10.0000|<=10.10.1160",
                "product": {
                  "name": "AOS-CX",
                  "product_id": ">=10.10.0000|<=10.10.1160",
                  "product_identification_helper": {
                    "model_numbers": [
                      "HPE Aruba Networking AOS-CX Switch Series"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AOS-CX"
          }
        ],
        "category": "vendor",
        "name": "HPE Aruba Networking"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Angelo Catalani",
            "Giacomo Gloria"
          ],
          "organization": "Italian National Cybersecurity Agency (ACN)"
        }
      ],
      "cve": "CVE-2025-37155",
      "notes": [
        {
          "category": "details",
          "text": "A vulnerability in the SSH restricted shell interface of the network management services results in improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-106",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Nicholas Starke"
          ],
          "organization": "HPE Aruba Networking SIRT"
        }
      ],
      "cve": "CVE-2025-37156",
      "notes": [
        {
          "category": "details",
          "text": "A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-85",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.8,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "ArubaOS-CX Platform-Level Denial-of-Service Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Simon Scannel",
            "Pedro Gallegos",
            "Josiel Spelman"
          ],
          "organization": "Google Cloud Vulnerability Research"
        }
      ],
      "cve": "CVE-2024-12084",
      "notes": [
        {
          "category": "details",
          "text": "Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write, safe-links bypass, and symbolic-link race condition.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-89",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Multiple Vulnerabilities in Rsync Daemon allow for Remote Code Execution, Directory Traversal, and Sensitive Information Disclosure"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Simon Scannel",
            "Pedro Gallegos",
            "Josiel Spelman"
          ],
          "organization": "Google Cloud Vulnerability Research"
        }
      ],
      "cve": "CVE-2024-12085",
      "notes": [
        {
          "category": "details",
          "text": "Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write, safe-links bypass, and symbolic-link race condition.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-89",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Multiple Vulnerabilities in Rsync Daemon allow for Remote Code Execution, Directory Traversal, and Sensitive Information Disclosure"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Simon Scannel",
            "Pedro Gallegos",
            "Josiel Spelman"
          ],
          "organization": "Google Cloud Vulnerability Research"
        }
      ],
      "cve": "CVE-2024-12086",
      "notes": [
        {
          "category": "details",
          "text": "Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write, safe-links bypass, and symbolic-link race condition.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-89",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Multiple Vulnerabilities in Rsync Daemon allow for Remote Code Execution, Directory Traversal, and Sensitive Information Disclosure "
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Simon Scannel",
            "Pedro Gallegos",
            "Josiel Spelman"
          ],
          "organization": "Google Cloud Vulnerability Research"
        }
      ],
      "cve": "CVE-2024-12087",
      "notes": [
        {
          "category": "details",
          "text": "Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write, safe-links bypass, and symbolic-link race condition.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-89",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Multiple Vulnerabilities in Rsync Daemon allow for Remote Code Execution, Directory Traversal, and Sensitive Information Disclosure "
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Simon Scannel",
            "Pedro Gallegos",
            "Josiel Spelman"
          ],
          "organization": "Google Cloud Vulnerability Research"
        }
      ],
      "cve": "CVE-2024-12088",
      "notes": [
        {
          "category": "details",
          "text": "Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write, safe-links bypass, and symbolic-link race condition.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-89",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Multiple Vulnerabilities in Rsync Daemon allow for Remote Code Execution, Directory Traversal, and Sensitive Information Disclosure "
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Aleksei Gorban"
          ]
        }
      ],
      "cve": "CVE-2024-12747",
      "notes": [
        {
          "category": "details",
          "text": "Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write, safe-links bypass, and symbolic-link race condition.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-89",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Multiple Vulnerabilities in Rsync Daemon allow for Remote Code Execution, Directory Traversal, and Sensitive Information Disclosure "
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zzcentury"
          ],
          "organization": "Ubisectech Sirius Team through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37157",
      "notes": [
        {
          "category": "details",
          "text": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to execute arbitrary commands on the affected system, resulting in Remote Code Execution (RCE).",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-96",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "zzcentury"
          ],
          "organization": "Ubisectech Sirius Team through HPE Aruba Networking's bug bounty program."
        }
      ],
      "cve": "CVE-2025-37158",
      "notes": [
        {
          "category": "details",
          "text": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to execute arbitrary commands on the affected system, resulting in Remote Code Execution (RCE).",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-98",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.7,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Qualys Threat Research Unit (TRU)"
          ],
          "organization": "Qualys Threat Research Unit (TRU).",
          "summary": "NOTE: Please refer to the following link for additional details: https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt."
        }
      ],
      "cve": "CVE-2025-26466",
      "notes": [
        {
          "category": "details",
          "text": "The OpenSSH client and server are vulnerable to a pre-authentication denial-of-service attack: an asymmetric resource consumption of both memory and CPU. This vulnerability was introduced in August 2023 (shortly before OpenSSH 9.5p1) by commit dce6d80 ('Introduce a transport-level ping facility').",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-102",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Denial-of-Service (DoS) attack against OpenSSH's client and server"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "0x50d"
          ]
        }
      ],
      "cve": "CVE-2025-37159",
      "notes": [
        {
          "category": "details",
          "text": "A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-97",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends temporarily disabling the web management interface until the permanent fix is applied.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.8,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 5.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "dugisan3rd"
          ],
          "organization": "Farzul Nizam through HPE Aruba Networking's bug bounty program"
        }
      ],
      "cve": "CVE-2025-37160",
      "notes": [
        {
          "category": "details",
          "text": "A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.",
          "title": "Details"
        },
        {
          "category": "other",
          "text": "ATLAX-79",
          "title": "Internal Reference"
        }
      ],
      "product_status": {
        "fixed": [
          "10.16.1006",
          "10.15.1030",
          "10.14.1060",
          "10.13.1101",
          "10.10.1170"
        ],
        "known_affected": [
          ">=10.16.0000|<=10.16.1000",
          ">=10.15.0000|<=10.15.1020",
          ">=10.14.0000|<=10.14.1050",
          ">=10.13.0000|<=10.13.1090",
          ">=10.10.0000|<=10.10.1160"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To address the vulnerabilities described above in the affected software branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):\n\n    - AOS-CX 10.16.xxxx: AOS-CX 10.16.1006 and above\n    - AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above\n    - AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above\n    - AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above\n    - AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above\n\nSoftware versions with resolution/fixes for the vulnerabilities covered above can be downloaded from the HPE Networking Support Portal at https://networkingsupport.hpe.com/home/\n \nHPE Aruba Networking does not evaluate or patch software branches that have reached their End of Maintenance (EoM) milestone. \nFor more information about HPE Aruba Networking End of Life policy please visit: https://www.hpe.com/psnow/doc/a00143052enw",
          "product_ids": [
            "10.16.1006",
            "10.15.1030",
            "10.14.1060",
            "10.13.1101",
            "10.10.1170"
          ],
          "url": "https://networkingsupport.hpe.com/globalsearch#tab=Software"
        },
        {
          "category": "workaround",
          "date": "2025-11-18T17:00:00.000Z",
          "details": "To minimize the likelihood of an attacker exploiting this vulnerability, HPE Aruba Networking recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, along with accounting controls for tracking and logging user activities and resource usage.",
          "product_ids": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ],
          "url": "https://arubanetworking.hpe.com/techdocs/ArubaDocPortal/content/new-portal/aoscx.html"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            ">=10.16.0000|<=10.16.1000",
            ">=10.15.0000|<=10.15.1020",
            ">=10.14.0000|<=10.14.1050",
            ">=10.13.0000|<=10.13.1090",
            ">=10.10.0000|<=10.10.1160"
          ]
        }
      ],
      "title": "Authenticated Broken Access Control (BAC) in REST API Configuration Service"
    }
  ]
}