
    6 vulnerabilities found for HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) by Hewlett Packard Enterprise (HPE)

    CVE-2026-23809 (GCVE-0-2026-23809)

    Vulnerability from nvd – Published: 2026-03-04 16:10 – Updated: 2026-04-01 16:22
    Title
    MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection
    Summary
    A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:41:07.844389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:41:44.119Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating System (AOS-10 \u0026 AOS-8)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim\u0027s network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.\u003c/p\u003e"
                }
              ],
              "value": "A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim\u0027s network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:22:10.710Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23809",
        "datePublished": "2026-03-04T16:10:02.829Z",
        "dateReserved": "2026-01-16T15:22:38.201Z",
        "dateUpdated": "2026-04-01T16:22:10.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23808 (GCVE-0-2026-23808)

    Vulnerability from nvd – Published: 2026-03-04 16:09 – Updated: 2026-04-01 16:22
    Title
    Client Isolation Bypass via GTK Manipulation
    Summary
    A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:39:52.989852Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:42:48.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating System (AOS-10 \u0026 AOS-8)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:22:33.826Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Client Isolation Bypass via GTK Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23808",
        "datePublished": "2026-03-04T16:09:17.967Z",
        "dateReserved": "2026-01-16T15:22:38.201Z",
        "dateUpdated": "2026-04-01T16:22:33.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23601 (GCVE-0-2026-23601)

    Vulnerability from nvd – Published: 2026-03-04 16:07 – Updated: 2026-04-01 16:23
    Title
    Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
    Summary
    A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID. Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:52:14.142763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-327",
                    "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:59:28.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating System (AOS-10 \u0026 AOS-8)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:23:06.986Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23601",
        "datePublished": "2026-03-04T16:07:42.929Z",
        "dateReserved": "2026-01-14T15:40:17.991Z",
        "dateUpdated": "2026-04-01T16:23:06.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23809 (GCVE-0-2026-23809)

    Vulnerability from cvelistv5 – Published: 2026-03-04 16:10 – Updated: 2026-04-01 16:22
    Title
    MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection
    Summary
    A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:41:07.844389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:41:44.119Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating System (AOS-10 \u0026 AOS-8)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim\u0027s network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.\u003c/p\u003e"
                }
              ],
              "value": "A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim\u0027s network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:22:10.710Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "MAC Address Spoofing leads to Inter-BSSID Isolation Bypass Resulting in Traffic Redirection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23809",
        "datePublished": "2026-03-04T16:10:02.829Z",
        "dateReserved": "2026-01-16T15:22:38.201Z",
        "dateUpdated": "2026-04-01T16:22:10.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23808 (GCVE-0-2026-23808)

    Vulnerability from cvelistv5 – Published: 2026-03-04 16:09 – Updated: 2026-04-01 16:22
    VLAI
    Title
    Client Isolation Bypass via GTK Manipulation
    Summary
    A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality. Note that the CVSS vector in the record below rates the attack vector as adjacent network (AV:A), so "remote" here should be read as an attacker on the adjacent network rather than an arbitrary internet host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
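    • CWE-94 - Improper Control of Generation of Code ('Code Injection') (per the record below, this CWE is carried in the CISA-ADP enrichment container; the CNA container lists no problem type)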
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:39:52.989852Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:42:48.840Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating System (AOS-10 \u0026 AOS-8)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:22:33.826Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Client Isolation Bypass via GTK Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23808",
        "datePublished": "2026-03-04T16:09:17.967Z",
        "dateReserved": "2026-01-16T15:22:38.201Z",
        "dateUpdated": "2026-04-01T16:22:33.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23601 (GCVE-0-2026-23601)

    Vulnerability from cvelistv5 – Published: 2026-03-04 16:07 – Updated: 2026-04-01 16:23
    VLAI
    Title
    Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
    Summary
    A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID. Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
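    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm (per the record below, this CWE is carried in the CISA-ADP enrichment container; the CNA container lists no problem type)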
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:52:14.142763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-327",
                    "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:59:28.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating System (AOS-10 \u0026 AOS-8)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:23:06.986Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23601",
        "datePublished": "2026-03-04T16:07:42.929Z",
        "dateReserved": "2026-01-14T15:40:17.991Z",
        "dateUpdated": "2026-04-01T16:23:06.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }