—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in HPE Aruba Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

HPE Aruba Networking Fabric Composer

Overview

Multiple vulnerabilities have been reported in the HPE Aruba Networking Fabric Composer that could be exploited by an authenticated attacker to execute arbitrary commands on the targeted system.

Target Audience:

Network and Security Administrators,IT Operations and System Engineers,Enterprise Architects and CIOs/CTOs,Managed Service Providers (MSPs)

Risk Assessment:

There are high risks of Confidentiality, Operational, Integrity, and Availability

Impact Assessment:

There are high risks of Confidentiality, Integrity, and Availability.

Description

HPE Aruba Networking Fabric Composer is a centralized network management and automation platform designed to simplify the deployment, configuration, and operation of modern data center and campus networks.

1. Remote Code Execution Vulnerability ( CVE-2026-23592   )

A vulnerability exists due to insecure file operations in the backup functionality of HPE Aruba Networking Fabric Composer. This Vulnerability could allow an authenticated attacker to achieve remote code execution.

Successfully exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system.

2. Information Disclosure Vulnerability ( CVE-2026-23593   )

A  Vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer that could allow an unauthenticated remote attacker to view and access sensitive system files.

Successfully exploitation of this vulnerability could allow an attacker to read files within the affected directory.

Solution

Apply appropriate software updates as mentioned by Security vendor

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US

References

 

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04996en_us&docLocale=en_US

CVE Name

CVE-2026-23592

CVE-2026-23593

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAml6JwYACgkQ3jCgcSdc

ys/tLw//Z5m19rJJHcDh20KsqeJ8IhXVb2g+/rRTnHj2eznv6x5zzk85nFGe0Yip

+0fSnGCLsmEzMr2N40nHROJiLyf0eFXZzRPPoI6hV3AFI4Ol6yI9W9AvnLcZ1JZF

W/SD961NDwZOsqo/fnJA+H+dUcROTiYZD2ixgqzBhXRUHSdMZeVHXoSNjh/i4W8Z

lQUNZZFGLKnxiaoMfvGo2OAqkUpw9Ce6JjOQ5xXKYwQfYkhUjyr4y6GZXA6P3KLd

l4+vuH80AJF/zhXsAqsNMavbuHcryydcMVyoMp+dKsyKNrJRMcqnuhOXPRFpbOEw

MdM1vTd9LDKG+uvJ9oi5elkHm2k3cZq0mR8Yh9p7cLiuZpJHr6KvUvVvVziaPlT2

NRDsGfITvj5SSMDU8blAQM/PIW8/Bh4BO7SanCNxSlkh9RkIx8MG5hIpxRcgb9Ah

dIeYIGP287UCY2FRON98ehuUTJD2RQrKL3t7gxnn0+BNMcr6wLTF/y9iWyDbzdPA

9AkdSf+8YLBlmu1AbmJUBiCwRGSGwYwFlwHR0DP43E1jARVM8Fz5n3pDEIn9te4n

5nEE1irG0AfLn7sy7CerR99o6e4oQ2w/Gl9vq4uR3ODU/0088FcEezdJsyJtU6as

en5IaOfPsEZvCw1asiOgw8Jw8AimUrocpt8FBs4vj2yZfQGmDhw=

=Wna5

—–END PGP SIGNATURE—–