—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in HPE Aruba Networking AOS-CX

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: High

 

Software Affected: 

·         HPE Aruba Networking AOS-CX Software Version(s):

o    AOS-CX 10.16.xxxx: 10.16.1000 and below

o    AOS-CX 10.15.xxxx: 10.15.1020 and below

o    AOS-CX 10.14.xxxx: 10.14.1050 and below

o    AOS-CX 10.13.xxxx: 10.13.1090 and below

o    AOS-CX 10.10.xxxx: 10.10.1160 and below

 

Overview:

Multiple vulnerabilities have been reported in HPE Aruba Networking AOS-CX  that could be exploited by an unauthenticated attacker to Gain Unauthorized Access; Remote: Access Restriction Bypass, Arbitrary Command Execution, Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Elevated Privileges, Session Reuse  on the targeted system.

 

Target Audience:

Network Engineers / Administrators, System Administrators / DevOps, Security Operations Center (SOC) / Incident Response, Security Architects

 

Risk Assessment:

Identity Compromise and Credential Theft

 

Impact Assessment:

There are high risks of Confidentiality, Integrity, and Availability

 

Description: 

1.   Privilege Escalation Vulnerability  CVE-2025-37155

 

This Vulnerability exists in the SSH restricted shell interface that fails to enforce proper privilege separation for read-only users. This Vulnerability exploited by an attacker to gain legitimate access to the management interface via SSH with read-only or low-level credentials.

Successful exploitation of this Vulnerability could allow an attacker with read-only access to escalate privileges to administrator access on the affected device. 

 

2.   Denial-of-Service (DoS) Vulnerability   CVE-2025-37156

This Vulnerability exists in the AOS-CX software that allows specific administrative code to be executed.

Successful exploitation of this Vulnerability could allow an authenticated administrator to execute code that renders the switch non-bootable and effectively non-functional.

 

3.       Command Injection Vulnerability   CVE-2025-37157 CVE-2025-37158

 

These Vulnerabilities exist in AOS-CX Operating System due to insufficient input validation or improper command handling.

Successful exploitation of these Vulnerabilities could allow an attacker to execute arbitrary commands on the system.

 

 

4.       Denial-of-Service (DoS) Vulnerability    CVE-2025-26466

This Vulnerability exists in the OpenSSH package due to improper handling of SSH2_MSG_PING packets during the pre-authentication phase. This Vulnerability exploited by an attacker to send PING packets, causing an uncontrolled increase in memory and CPU consumption on the server side.

 Successful exploitation of this Vulnerability could allow an attacker leads to the server crashing or becoming unresponsive, resulting in a denial of service.

 

5.         Session Hijacking Vulnerability  CVE-2025-37159

This Vulnerability exists in the web management interface of the AOS-CX OS

user authentication service could allow an authenticated remote attacker to hijack an active user session.

Successful exploitation of this Vulnerability could allow an attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.

 

6.       Broken Access Control (BAC) Vulnerability CVE-2024-37160

This Vulnerability exists in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information.

 

Successful exploitation of this Vulnerability could enable the attacker to

disclose sensitive data. 

 

Solution

 

Apply appropriate software updates as mentioned by Security vendor

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_US

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

  

References:

 https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_US

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

CVE Name 

CVE-2025-37155

CVE-2025-37156

CVE-2025-37157

CVE-2025-37158

CVE-2025-37159

CVE-2024-37160

 CVE-2025-26466

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkgjf8ACgkQ3jCgcSdc

ys+TEhAAnJlWBpylDB7C7Hm1p8VHQ1a3JsGoUA+GJ04oSrGd0o9rDLLPlBYTmhdS

urZNH4d48pcUe5MvmyKXTTmp+oWcZgik1ua0cK5jUIBLomfj6CMSOTVOBLgYDmS9

q4zYjHxpfez6V91/WOT2XfIEP6hji0zhlmgcVfYq+JJnCSEeczNinOofMxI7NN9l

YLjEpobNxbZoxrq5kzK8myl7lyczuh6Cs3omXXjYJi1N7FOjtBaWKyEcEjl5zj2A

LMQRy56VnAVvnCLLA+tDbsf2t/WdnuwZ/mPRRf6p3wFU0o+k4rKz5UBz8HyMNITG

HI9Yynj/exq5fAGtdQ4Odr4E3Go3T+HfRVS7w0Es7Q0wkriiunBrk7B7nPipyuyD

5e5VgSkB0tK496/PPQqczxJALlyp19mJgGBOhSNPS/PJ0W0YIaANRIcY7FwHoLMl

yrNvQx9kqcIC0UTjNQxXK8Uw2fPuEQnp4wDNM0Bzac82otYJLQ5DraZG9lqcnRBt

96Js97GaNwPHUYJRDjljAJecjmoxKseoilUIMIeSzj7TChCygngZ15TkZjXvfpWJ

46EwByqQf1VMk5v2xD7CZ7uJYQNYl0s1YUEKOinfjNUsutwTc7ZtQlkZ8GlQDAb7

U2+gS5uP6DBEii2ntlXWz6NlqM6ebsDOh4ZUCe2DhG0CrBfSYK4=

=OEte

—–END PGP SIGNATURE—–