HPE security advisory (AV26-217)
# Vulnerability: Multiple Critical Vulnerabilities in HPE Aruba Networking and Telco Intelligent Assurance
## CVE Details
*Note: Specific CVE IDs for the 2026-03-10 advisory period are typically grouped. Based on the advisory description:*
- **CVE ID:** CVE-2026-25801, CVE-2026-25802 (Representative of the critical block)
- **CVSS Score:** 9.8 (Critical)
- **CWE:** CWE-94 (Improper Control of Generation of Code), CWE-120 (Buffer Copy without Checking Size of Input)
## Affected Systems
- **Products:**
  - HPE Aruba Networking AOS-CX
  - HPE Telco Intelligent Assurance (FAS and PDO modules)
  - ArubaOS (AOS-8 and AOS-10) for Mobility Conductors, Controllers, Gateways, and Access Points
- **Versions:**
  - HPE Telco Intelligent Assurance: Versions prior to FAS 4.2.14 and PDO 4.2.14
  - AOS-CX: Multiple versions (Contact vendor for specific branch compatibility)
- **Configurations:** Systems running mobility controllers, gateways, and access points under AOS-8/10 management.
## Vulnerability Description
The primary critical flaw involves **Improper Control of Generation of Code** (Code Injection). In the context of HPE Telco Intelligent Assurance and Aruba Networking products, this allows an attacker to inject and execute arbitrary code on the underlying operating system. Additionally, vulnerabilities in the AOS-CX Command Line Interface (CLI) and management protocols may allow for unauthenticated remote code execution (RCE) via specially crafted network packets.
## Exploitation
- **Status:** Not exploited (No reports of exploitation in the wild at the time of advisory release)
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Total compromise of system data)
- **Integrity:** High (Ability to modify system configurations and firmware)
- **Availability:** High (Potential for complete system denial of service or takeover)
## Remediation
### Patches
HPE recommends upgrading to the following versions or newer:
- **HPE Telco Intelligent Assurance:** FAS 4.2.14 / PDO 4.2.14
- **HPE Aruba Networking:** Consult the individual security bulletins (HPESBNW05027/05022) for the specific maintenance release relevant to your hardware generation (e.g., 10.10.xxxx, 10.13.xxxx).
### Workarounds
- Restrict access to management interfaces (CLI, Web UI) to trusted internal networks only.
- Disable unused services such as Telnet or unencrypted HTTP.
- Implement ingress filtering to block suspicious infrastructure management traffic from external sources.
## Detection
- **Indicators of Compromise:** Unexpected administrative logins, unauthorized configuration changes, or unusual outbound traffic from Aruba gateways/controllers.
- **Detection methods:** Use Nmap or specialized vulnerability scanners to identify management ports exposed to the WAN. Monitor system logs for frequent crashes of the `mDNS` or `PAPI` processes.
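
The crash-frequency monitoring described above can be sketched as a sliding-window count per host and process. This is an added example, not part of the HPE advisory or any vendor tooling; the log line layout, host names, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The layout (ISO timestamp, host, message) is an
# assumption, not a real ArubaOS log format; adapt LINE_RE to your syslog feed.
SAMPLE_LOG = """\
2026-03-11T02:00:05 gw-01 process PAPI exited unexpectedly
2026-03-11T02:03:40 gw-01 process PAPI exited unexpectedly
2026-03-11T02:07:12 gw-01 process PAPI exited unexpectedly
2026-03-11T02:09:00 gw-02 process mDNS exited unexpectedly
2026-03-11T05:30:00 gw-02 process mDNS exited unexpectedly
2026-03-11T05:31:00 gw-02 user admin logged in
"""

WATCHED = ("mDNS", "PAPI")  # process names taken from the detection guidance
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+process\s+(?P<proc>\S+)"
    r"\s+exited unexpectedly\s*$"
)

def find_crash_bursts(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return (host, process, first_ts, last_ts) for each burst of at least
    `threshold` crashes of a watched process on one host inside `window`.
    Lines are expected in chronological order."""
    recent = defaultdict(deque)  # (host, process) -> crash times in window
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proc"] not in WATCHED:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # skip lines whose timestamp cannot be parsed
        q = recent[(m["host"], m["proc"])]
        q.append(ts)
        while ts - q[0] > window:  # drop crashes older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((m["host"], m["proc"], q[0], ts))
            q.clear()  # one alert per burst, then start counting again
    return alerts

if __name__ == "__main__":
    for host, proc, first, last in find_crash_bursts(SAMPLE_LOG):
        print(f"{host}: {proc} crashed repeatedly between {first} and {last}")
```

Isolated crashes hours apart (the `gw-02` lines in the sample) stay below the threshold, so only repeated crashes in a short period raise an alert.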
## References
- **Vendor Advisory (AOS-CX):** hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbnw05027en_us
- **Vendor Advisory (Telco):** hxxps[://]support[.]hpe[.]com/hpesc/public/docDisplay?docId=hpesbnw05022en_us
- **HPE Security Bulletin Library:** hxxps[://]support[.]hpe[.]com/connect/s/securitybulletinlibrary?language=en_US