Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) by Hewlett Packard Enterprise (HPE)

    CVE-2026-23812 (GCVE-0-2026-23812)

    Vulnerability from nvd – Published: 2026-03-04 16:13 – Updated: 2026-04-01 16:21
    VLAI
    Title
    Security Boundary Bypass via Routing Node Impersonation
    Summary
    A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Create a notification for this product.
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23812",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:47:35.522639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-300",
                    "description": "CWE-300 Channel Accessible by Non-Endpoint",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:47:54.403Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 \u0026 AOS-10)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:21:09.805Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Security Boundary Bypass via Routing Node Impersonation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23812",
        "datePublished": "2026-03-04T16:13:48.086Z",
        "dateReserved": "2026-01-16T15:22:38.202Z",
        "dateUpdated": "2026-04-01T16:21:09.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23811 (GCVE-0-2026-23811)

    Vulnerability from nvd – Published: 2026-03-04 16:12 – Updated: 2026-04-01 16:21
    VLAI
    Title
    Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation
    Summary
    A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Create a notification for this product.
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:46:38.750950Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-300",
                    "description": "CWE-300 Channel Accessible by Non-Endpoint",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:47:01.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 \u0026 AOS-10)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:21:29.217Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23811",
        "datePublished": "2026-03-04T16:12:32.715Z",
        "dateReserved": "2026-01-16T15:22:38.201Z",
        "dateUpdated": "2026-04-01T16:21:29.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23810 (GCVE-0-2026-23810)

    Vulnerability from nvd – Published: 2026-03-04 16:11 – Updated: 2026-04-01 16:21
    VLAI
    Title
    Cross-BSSID GTK Re-encryption and Traffic Injection
    Summary
    A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Create a notification for this product.
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23810",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:43:24.944016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-300",
                    "description": "CWE-300 Channel Accessible by Non-Endpoint",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:46:09.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 \u0026 AOS-10)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim\u0027s BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim\u0027s BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:21:49.641Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-BSSID GTK Re-encryption and Traffic Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23810",
        "datePublished": "2026-03-04T16:11:35.964Z",
        "dateReserved": "2026-01-16T15:22:38.201Z",
        "dateUpdated": "2026-04-01T16:21:49.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23812 (GCVE-0-2026-23812)

    Vulnerability from cvelistv5 – Published: 2026-03-04 16:13 – Updated: 2026-04-01 16:21
    VLAI
    Title
    Security Boundary Bypass via Routing Node Impersonation
    Summary
    A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Create a notification for this product.
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23812",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:47:35.522639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-300",
                    "description": "CWE-300 Channel Accessible by Non-Endpoint",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:47:54.403Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 \u0026 AOS-10)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:21:09.805Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Security Boundary Bypass via Routing Node Impersonation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23812",
        "datePublished": "2026-03-04T16:13:48.086Z",
        "dateReserved": "2026-01-16T15:22:38.202Z",
        "dateUpdated": "2026-04-01T16:21:09.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23811 (GCVE-0-2026-23811)

    Vulnerability from cvelistv5 – Published: 2026-03-04 16:12 – Updated: 2026-04-01 16:21
    VLAI
    Title
    Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation
    Summary
    A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Create a notification for this product.
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:46:38.750950Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-300",
                    "description": "CWE-300 Channel Accessible by Non-Endpoint",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:47:01.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 \u0026 AOS-10)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:21:29.217Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23811",
        "datePublished": "2026-03-04T16:12:32.715Z",
        "dateReserved": "2026-01-16T15:22:38.201Z",
        "dateUpdated": "2026-04-01T16:21:29.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-23810 (GCVE-0-2026-23810)

    Vulnerability from cvelistv5 – Published: 2026-03-04 16:11 – Updated: 2026-04-01 16:21
    VLAI
    Title
    Cross-BSSID GTK Re-encryption and Traffic Injection
    Summary
    A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim's BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-300 - Channel Accessible by Non-Endpoint
    Assigner
    hpe
    Impacted products
    Vendor Product Version
    Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) Affected: 10.8.0.0 (semver)
    Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
    Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
    Affected: 8.13.0.0 , ≤ 8.13.1.1 (semver)
    Affected: 8.12.0.0 , ≤ 8.12.0.6 (semver)
    Affected: 8.10.0.0 , ≤ 8.10.0.21 (semver)
    Create a notification for this product.
    Credits
    Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-23810",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T17:43:24.944016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-300",
                    "description": "CWE-300 Channel Accessible by Non-Endpoint",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T17:46:09.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 \u0026 AOS-10)",
              "vendor": "Hewlett Packard Enterprise (HPE)",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.7.2.2",
                  "status": "affected",
                  "version": "10.7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "10.4.1.10",
                  "status": "affected",
                  "version": "10.4.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.1.1",
                  "status": "affected",
                  "version": "8.13.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0.6",
                  "status": "affected",
                  "version": "8.12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0.21",
                  "status": "affected",
                  "version": "8.10.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim\u0027s BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key (GTK) associated with the victim\u0027s BSSID. Successful exploitation may enable GTK-independent traffic injection and, when combined with a port-stealing technique, allows an attacker to redirect intercepted traffic to facilitate machine-in-the-middle (MitM) attacks across BSSID boundaries."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T16:21:49.641Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
            }
          ],
          "source": {
            "advisory": "HPESBNW05026",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-BSSID GTK Re-encryption and Traffic Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2026-23810",
        "datePublished": "2026-03-04T16:11:35.964Z",
        "dateReserved": "2026-01-16T15:22:38.201Z",
        "dateUpdated": "2026-04-01T16:21:49.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }