HPE Aruba Networking AOS-CX Command Line Interface Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in the command line interface of HPE Aruba Networking AOS-CX, allowing authenticated remote attackers to disclose sensitive information. Exploitation of this vulnerability could enable unauthorized access to services outside the affected switch, potentially facilitating lateral movement involving those services. This issue affects AOS-CX versions 10.15.1000 and below, 10.14.1030 and below, 10.13.1070 and below, and 10.10.1140 and below.

Impact

Successful exploitation could lead to unauthorized access to external services, allowing for lateral movement involving those services.

Remediation

Users are advised to upgrade to AOS-CX 10.15.1001 and above, 10.14.1040 and above, 10.13.1080 and above, or 10.10.1150 and above, depending on their current version. To mitigate the risk of exposure, it is recommended to use the secure-prompt or ciphertext configuration options when entering sensitive information and to change any secret keys and passwords that were previously entered in plain text.
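An added example, not part of the original advisory or any HPE tooling: a small triage helper that classifies switch firmware versions against the per-branch thresholds stated above. The version string format (an optional two-letter platform prefix such as `FL.`) and the sample hostnames are assumptions; branches or builds the advisory does not mention are flagged for manual review rather than guessed.

```python
import re

# Last affected and first fixed build per branch, from the advisory text above.
LAST_AFFECTED = {(10, 15): 1000, (10, 14): 1030, (10, 13): 1070, (10, 10): 1140}
FIRST_FIXED = {(10, 15): 1001, (10, 14): 1040, (10, 13): 1080, (10, 10): 1150}

# Assumption: versions look like "10.13.1070", optionally preceded by a
# two-letter platform prefix and a dot (for example "FL.10.13.1070").
_VERSION = re.compile(r"^(?:[A-Z]{2}\.)?(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return 'affected', 'fixed', 'review' or 'unparsed' for one version."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, build = map(int, m.groups())
    branch = (major, minor)
    if branch not in FIRST_FIXED:
        return "review"  # branch is not listed in the advisory
    if build <= LAST_AFFECTED[branch]:
        return "affected"
    if build >= FIRST_FIXED[branch]:
        return "fixed"
    return "review"  # build falls between the two stated thresholds


def triage(inventory):
    """Group hostnames by status; inventory maps hostname -> version string."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "core-sw1": "FL.10.13.1070",
    "core-sw2": "FL.10.13.1080",
    "dist-sw1": "10.15.1000",
    "dist-sw2": "10.14.1035",
    "edge-sw1": "10.12.1000",
    "edge-sw2": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Per the remediation text, switches reported as affected need the upgrade and also a change of any secret keys and passwords previously entered in plain text.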

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 4.4
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.