HPE Aruba Networking Vulnerability Allows Privilege Escalation and DoS Attacks - cyberpress.org

Cyber Security NewsCybersecurityVulnerability Hewlett Packard Enterprise (HPE) recently disclosed critical flaws in its Aruba Networking Private 5G Core software. These issues allow remote attackers on adjacent networks to escalate privileges and launch denial-of-service (DoS) attacks. The advisory, HPESBNW05002, was published on February 10, 2026. Vulnerability Overview Four vulnerabilities affect HPE Aruba Networking Private 5G Core versions 1.24.3.0 through 1.24.3.3. They stem from flaws in the application and management APIs, enabling unauthenticated exploits. No workaround exists, so upgrading is essential. CVE-2026-23595 is the most severe, with a CVSS score of 8.8 (High). It allows authentication bypass in the application API, letting attackers create admin accounts for full control, including config changes and data manipulation. Attackers need adjacent network access (AV:A). CVE-2026-23596 (CVSS 6.5, Medium) enables DoS via the management API. Unauthenticated users can force service restarts, disrupting 5G core availability. CVE-2026-23597 and CVE-2026-23598 (both CVSS 6.5, Medium) leak sensitive info like user accounts, roles, and configs through API errors. This aids further attacks when chained with others. CVE ID CVSS v3.1 Score Impact Type Vector CVE-2026-23595 8.8 Privilege Escalation AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-23596 6.5 DoS (Service Restart) AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-23597 6.5 Info Disclosure AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-23598 6.5 Info Disclosure AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Canada’s Communications Security Establishment (CSE) found these flaws. Versions below 1.24.2.2 and 1.25.1.0+ are safe. Private 5G setups in enterprises face high risk from network-adjacent threats. Upgrade to 1.25.1.0 or later via HPE’s portal. Segment networks to block adjacent access. Monitor API traffic for anomalies. HPE urges prompt action to protect 5G infrastructure integrity. Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.