-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

HPE Aruba Networking Product Security Advisory
==============================================

Advisory ID: HPESBNW04996
CVE: CVE-2026-23592, CVE-2026-23593, CVE-2024-4741
Publication Date: 2026-Jan-27
Status: Confirmed
Severity: High
Revision: 1

Title
=====
HPE Aruba Networking Fabric Composer Multiple Vulnerabilities

Overview
========
HPE Networking has released patches for the HPE Aruba Networking Fabric
Composer to address multiple security vulnerabilities.

Affected Products
=================
HPE Aruba Networking Fabric Composer

Affected Software Version(s):
HPE Aruba Networking Fabric Composer 7.x.x: 7.2.3 and below

Unaffected Products
===================
Any other HPE Networking products not specifically listed above are not
affected by these vulnerabilities.

Details
=======

Use After Free with SSL_free_buffers (CVE-2024-4741)
---------------------------------------------------------------------
Calling the OpenSSL API function SSL_free_buffers may cause memory to be
accessed that was previously freed in some situations... Applications that
do not call this function are not vulnerable. Our investigations indicate
that this function is rarely used by applications. A call to
SSL_free_buffers will succeed even though the buffer is still in use. While
these scenarios could occur accidentally during normal operation, a
malicious attacker could attempt to engineer a situation where this occurs.
Internal References: VULN-36
Severity: High
CVSSv3.x Overall Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Discovery: This vulnerability was discovered and reported by OpenSSL
Software Foundation

Insecure File Handling allows Remote Code Execution in Backup Functionality
(CVE-2026-23592)
---------------------------------------------------------------------
Insecure file operations in HPE Aruba Networking Fabric Composer's backup
functionality could allow authenticated attackers to achieve remote code
execution. Successful exploitation could allow an attacker to execute
arbitrary commands on the underlying operating system.

Internal References: VULN-37
Severity: High
CVSSv3.1 Overall Score: 7.2
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Discovery: This vulnerability was discovered and reported by Daniel Jensen
(@dozernz) through HPE Aruba Networking's Bug Bounty program

Unauthenticated Limited File Read allows Data Exposure in Web Interface
(CVE-2026-23593)
---------------------------------------------------------------------
A vulnerability in the web-based management interface of HPE Aruba
Networking Fabric Composer could allow an unauthenticated remote attacker to
view some system files. Successful exploitation could allow an attacker to
read files within the affected directory.

Internal References: VULN-38
Severity: Medium
CVSSv3.x Overall Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Discovery: This vulnerability was discovered and reported by Daniel Jensen
(@dozernz) through HPE Aruba Networking's Bug Bounty Program

Resolution
==========
Upgrade the HPE Aruba Networking Fabric Composer to the following version to
resolve the vulnerabilities described in the Details section:

- HPE Aruba Networking Fabric Composer 7.x.x: 7.3.0 and above

HPE Networking does not evaluate or patch software branches that have
reached their End of Support Life (EoSL) milestone.
For more information about the HPE Networking products' End of Support
policy, visit: https://hpe.com/psnow/doc/a00143052enw

Workaround
==========
To minimize the likelihood of an attacker exploiting these vulnerabilities,
HPE Aruba Networking recommends that management interfaces be restricted to
a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at
layer 3 and above, along with accounting controls for tracking and logging
user activities and resource usage.

You may contact HPE Services - HPE Aruba Networking for assistance if
needed. For more information, please visit the HPE Networking Support Portal
at https://networkingsupport.hpe.com/home

Exploitation and Public Discussion
==================================
HPE Aruba Networking is not aware of any public discussion or exploit code
targeting these specific vulnerabilities as of the release date of the
advisory.

Revision History
================
Revision 1 / 2026-Jan-27 / Initial release

HPE Aruba Networking SIRT Security Procedures
==============================================
Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at: http://www.hpe.com/support/security-response-policy

For reporting NEW HPE Aruba Networking security issues, email can be sent to
aruba-sirt@hpe.com. For sensitive information we encourage the use of PGP
encryption. Our public keys can be found at:
https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2026 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that the redistributed copies are complete and
unmodified, including all data and version information.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----