—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Aruba Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Software Affected

HPE Aruba Networking Private 5G Core:

1.24.3.0

1.24.3.1

1.24.3.2

1.24.3.3

Overview

Multiple vulnerabilities have been reported in Aruba product which could be exploited by an attacker triggering denial of service, disclosure of sensitive information, data manipulation, security restriction bypass and elevation of privilege on the targeted system.

Target Audience:

All end-user organizations and individuals using Aruba Products.

Risk Assessment:

Risk of remote code execution, denial of service, escalation of privilege, unauthorized access to sensitive information, unauthorized data modification.

Impact Assessment:

Potential compromise of system, service disruption and unauthorized access to sensitive information.

Description

Multiple vulnerabilities exist in Aruba products due to unauthenticated authentication bypass in application API, unauthenticated improper access control in management API and unauthenticated information disclosure in application API. These issues allow unauthorized administrative account creation, unauthorized service disruption and sensitive system information disclosure respectively. A remote attacker could exploit these vulnerabilities by sending specially crafted inputs.

Successful exploitation of these vulnerabilities could allow a remote attacker to trigger remote code execution, denial of service condition, data manipulation, privilege escalation and sensitive information disclosure on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

Vendor Information

HPE Aruba

https://www.hpe.com/us/en/networking/hpe-aruba-networking.html

References

HPE Aruba

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05002en_us&docLocale=en_US

CVE Name

CVE-2026-23595

CVE-2026-23596

CVE-2026-23597

CVE-2026-23598

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmMkTEACgkQ3jCgcSdc

ys+pAg//WdK37/1X+i+unHBE8hS+kptPab70wCFMzs0Z1w6bcrB1DnhqpMTlCm84

JKPVSnDbVUx6kYofnIr1msdOFPX8pBoyMriJQHixyUdAAUnMIW6dCGrcwyYXjky3

35fJDQf5NTt/6fYy4TQOMjC0URFQibjeJ6PEKCf06DF3cp6iJH6+nrKBbngM4iS3

PYmGDe6aQchZp5m6weG0L8JaSDPfn4xrk3F9Qq3AXUv/wNIZNeii/a9MwrMGdzxz

8yWu7wlIrhuw+Zm9wmYZ4G0hKsZOXQs74Cd+nBH6nCUDgE/oAIbRD+nxtfk9qkGo

izC2P1oQqXVV08kQ8CWzIafV/tG2jTSEHwXfLby8GvXv0pqC7KLBvWG/5uYZD5to

tXPu+3dqJKpWw34eaK3vFMz5p7/a0xih90xNYt40IcKysHnwjshVysek+cdrQNRU

oibocxoPH63ctwpmji6WQnhgNRTiLGakbyzCcRMehUnXiN5haYo3OoteXHXBv4yX

2jV66sKOHXdUHclumz8dkJ3Av7wMVFL9EGeLhG9JUmgU0amnLfcjpWk+41uBawVY

KgQ4K97P8UNIgj3HCRAalGhu/heEXJ+epBa4hFrvsrwKjYQE9YLT1ciwE/vkJxoS

0bEB7MwIdjpYELAhExrSSsDi49ng1suY0CpE2Y3tNnHb68AtB28=

=gmeF

—–END PGP SIGNATURE—–