Primary

Context

HPE ArubaOS-CX Platform-Level Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in ArubaOS-CX software, specifically in versions AOS-CX 10.16.1000 and below, AOS-CX 10.15.1020 and below, AOS-CX 10.14.1050 and below, AOS-CX 10.13.1090 and below, and AOS-CX 10.10.1160 and below. This vulnerability allows an attacker with administrative access to execute code that renders the switch non-bootable and effectively non-functional.

Impact

Exploitation of this vulnerability could lead to the switch becoming non-bootable and non-functional.

Remediation

Users are advised to upgrade to AOS-CX 10.16.1001 and above, AOS-CX 10.15.1030 and above, AOS-CX 10.14.1060 and above, AOS-CX 10.13.1101 and above, or AOS-CX 10.10.1170 and above. These updated versions can be downloaded from the HPE Networking Support Portal.

Added: Nov 18, 2025, 7:31 PM

Updated: Nov 18, 2025, 7:31 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.4

remediation

7.9

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.4

remediation

7.9

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HPE ArubaOS-CX Platform-Level Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ArubaOS-CX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating