7.5
CVE-2026-23825
- EPSS 0.07%
- Veröffentlicht 12.05.2026 18:52:50
- Zuletzt bearbeitet 15.05.2026 12:44:47
- Quelle security-alert@hpe.com
- CVE-Watchlists
- Unerledigt
LoginUnauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Component
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arubanetworks ≫ Arubaos Version >= 6.5.4.0 < 8.10.0.22
Arubanetworks ≫ Arubaos Version >= 8.11.0.0 < 8.12.0.7
Arubanetworks ≫ Arubaos Version >= 8.13.0.0 < 8.13.1.2
Arubanetworks ≫ Arubaos Version >= 10.4.0.0 < 10.4.1.11
Arubanetworks ≫ Arubaos Version >= 10.5.0.0 < 10.7.2.3
Arubanetworks ≫ Sd-wan Version >= 8.6.0.4-2.2.0.0 <= 8.6.0.4-2.2.0.7
Arubanetworks ≫ Sd-wan Version >= 8.7.0.0-2.3.0.0 <= 8.7.0.0-2.3.0.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.207 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-alert@hpe.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.