-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

HPE Aruba Networking Product Security Advisory
=============================================

Advisory ID: HPESBNW04818
CVE: CVE-2025-25040, CVE-2025-25042, CVE-2025-27080
Publication Date: 2025-Mar-18
Status: Confirmed
Severity: Medium
Revision: 1

Title
=====
HPE Aruba Networking AOS-CX Multiple Vulnerabilities

Overview
========
HPE Aruba Networking has released patches to the AOS-CX to address
multiple security vulnerabilities.

Affected Products
=================
HPE Aruba Networking AOS-CX

Affected Software Version(s):
- AOS-CX 10.15.xxxx: 10.15.1000 and below
- AOS-CX 10.14.xxxx: 10.14.1030 and below
- AOS-CX 10.13.xxxx: 10.13.1070 and below
- AOS-CX 10.10.xxxx: 10.10.1140 and below

Versions of AOS-CX that are "End of Support" at the time of this advisory
may be affected by these vulnerabilities unless otherwise indicated.

Unaffected Products
===================
Any other supported software versions not listed under the Affected
Products section of this advisory are not known to be affected by the
disclosed vulnerabilities.

Details
=======

Authenticated Sensitive Information Disclosure in AOS-CX Command Line
Interface (CVE-2025-27080)
---------------------------------------------------------------------
Vulnerabilities in the command line interface of AOS-CX could allow an
authenticated remote attacker to expose sensitive information. Successful
exploitation could allow an attacker to gain unauthorized access to
services outside of the impacted switch, potentially leading to lateral
movement involving those services.

Internal References: ATLAX-101, ATLAX-100, ATLAX-99, ATLAX-94, ATLAX-93,
ATLAX-92, ATLAX-91, ATLAX-90, ATLAX-88, ATLAX-87
Severity: Medium
CVSSv3.1 Base Score: 6.0
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Discovery:
This vulnerability was discovered and reported by HPE Aruba Networking's
Engineering.

Workaround:
Use the secure-prompt or ciphertext configuration options when entering
sensitive information. It is also recommended to change any secret keys
and passwords that were previously entered in plain text to avoid
exposure to this vulnerability. To learn more about the implementation
of these options, consult the HPE Aruba Networking Technical Assistance
Center (TAC).

Authenticated Access Control Vulnerability allows Sensitive Information
Disclosure in AOS-CX REST Interface (CVE-2025-25042)
---------------------------------------------------------------------
A vulnerability in the AOS-CX REST interface could allow an authenticated
remote attacker with low privileges to view sensitive information.
Successful exploitation could allow an attacker to read encrypted
credentials of other users on the switch, potentially leading to further
unauthorized access or data breaches.

Internal References: ATLAX-78
Severity: Medium
CVSSv3.1 Base Score: 4.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Discovery:
This vulnerability was discovered and reported by dugisan3rd through
HPE Aruba Networking's Bug Bounty program.

Workaround:
To minimize the likelihood of an attacker exploiting these
vulnerabilities, Aruba recommends that web-based management interfaces
be restricted to a dedicated layer 2 segment/VLAN and/or controlled by
firewall policies at layer 3 and above.

Failure to Properly Enforce Port ACLs on CPU generated packets in
CX 9300 Switches (CVE-2025-25040)
---------------------------------------------------------------------
A vulnerability has been identified in the port ACL functionality of
AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series
only and affects:
- AOS-CX 10.14.xxxx : All patches
- AOS-CX 10.15.xxxx : 10.15.1000 and below

The vulnerability is specific to traffic originated by the CX 9300 switch
platform and could allow an attacker to bypass ACL rules applied to
routed ports on egress. As a result, port ACLs are not correctly
enforced, which could lead to unauthorized traffic flow and violations
of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not
affected by this vulnerability.

Internal Reference: ATLAX-86
Severity: Low
CVSSv3.1 Base Score: 3.3
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Discovery:
This vulnerability was discovered and reported by HPE Aruba Networking's
Engineering.

Workaround:
None

Resolution
==========
To address the vulnerabilities described above in the affected software
branches, it is recommended to upgrade HPE Aruba Networking AOS-CX to one
of the following versions (as applicable):
- AOS-CX 10.15.xxxx : AOS-CX 10.15.1005 and above
- AOS-CX 10.14.xxxx : AOS-CX 10.14.1040 and above
- AOS-CX 10.13.xxxx : AOS-CX 10.13.1080 and above
- AOS-CX 10.10.xxxx : AOS-CX 10.10.1150 and above

NOTE:
(1) CVE-2025-25040 affects only HPE CX 9300 Switch Series and is only
fixed in AOS-CX 10.15.1005 and higher. HPE Aruba Networking CX 9300
customers are advised to upgrade to AOS-CX 10.15.1005 and above if
running any of the following AOS-CX versions:
- AOS-CX 10.14.xxxx : All
- AOS-CX 10.15.xxxx : AOS-CX 10.15.1000 and below

(2) To mitigate any risk of exposure due to CVE-2025-27080, it is also
recommended to use the secure-prompt or ciphertext configuration option
and change any secret keys and passwords that were previously entered in
plain text.

Software versions with resolution/fixes for the vulnerabilities covered
above can be downloaded from the HPE Networking Support Portal at
https://networkingsupport.hpe.com/home/

HPE Aruba Networking does not evaluate or patch software branches that
have reached their End of Maintenance (EoM) milestone. For more
information about HPE Aruba Networking End of Life policy please visit:
https://www.hpe.com/psnow/doc/a00143052enw

Workaround
==========
Vulnerability specific workarounds are listed per vulnerability above.
You may contact HPE Services - Aruba Networking - for assistance if
needed. Please visit the HPE Aruba Networking Support Portal for more
information: https://networkingsupport.hpe.com/home

HPE Aruba Networking AOS-CX Security Hardening
==============================================
For general information on hardening HPE Aruba Networking AOS-CX switches
against security threats please refer to the HPE Aruba Networking AOS-CX
Security Hardening Guides for your specific switch model and version of
AOS-CX. The guides can be found at the following link:
https://arubanetworking.hpe.com/techdocs/AOS-CX/help_portal/Content/home.htm

Exploitation and Public Discussion
==================================
HPE Aruba Networking is not aware of any public discussion or exploit
code targeting these specific vulnerabilities as of the release date of
the advisory.

Revision History
================
Revision 1 / 2025-Mar-18 / Initial release

HPE Aruba Networking SIRT Security Procedures
=============================================
Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us

For reporting *NEW* HPE Aruba Networking security issues, email can be
sent to aruba-sirt(at)hpe.com. For sensitive information we encourage
the use of PGP encryption. Our public keys can be found at:
https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2025 by Hewlett Packard Enterprise Development LP.

This advisory may be redistributed freely after the release date given
at the top of the text, provided that the redistributed copies are
complete and unmodified, including all data and version information.
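Checking an inventory against the Resolution table above by hand is error-prone because the CX 9300 note overrides the per-branch fixed versions. The following triage helper is an added example, not HPE's code; it encodes only the branch thresholds and the CVE-2025-25040 note stated in this advisory, and the hostnames in the sample inventory are constructed.

```python
# Version triage for HPESBNW04818 (added example, not HPE code): encodes the
# Resolution table and the CX 9300 note for CVE-2025-25040.

# Minimum fixed release per branch, from the Resolution section.
FIXED_BY_BRANCH = {
    (10, 15): (10, 15, 1005),
    (10, 14): (10, 14, 1040),
    (10, 13): (10, 13, 1080),
    (10, 10): (10, 10, 1150),
}
# CVE-2025-25040 (CX 9300 only): all 10.14.xxxx builds and 10.15.1000 and
# below are affected; the only fix is 10.15.1005 or higher.
CX9300_FIXED = (10, 15, 1005)


def parse_version(text: str) -> tuple:
    """Turn '10.15.1000' or 'AOS-CX 10.15.1000' into a comparable int tuple."""
    parts = text.strip().removeprefix("AOS-CX").strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised AOS-CX version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str, cx9300: bool = False) -> dict:
    """Classify one switch as 'fixed', 'affected' (with an upgrade target)
    or 'unlisted' (branch not in the advisory; check its support status)."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return {"version": version, "status": "unlisted", "target": None}
    target = None if v >= fixed else fixed
    cve_25040 = "n/a"
    if cx9300 and v[:2] in ((10, 14), (10, 15)):
        # A fully patched 10.14 build still needs the 10.15 fix on this platform.
        cve_25040 = "fixed" if v >= CX9300_FIXED else "affected"
        if cve_25040 == "affected":
            target = CX9300_FIXED
    return {
        "version": ".".join(map(str, v)),
        "status": "fixed" if target is None else "affected",
        "target": None if target is None else ".".join(map(str, target)),
        "cve_2025_25040": cve_25040,
    }


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, reported version, is CX 9300)
    for host, ver, is9300 in [("core1", "10.15.1000", False),
                              ("dc-9300a", "10.14.1040", True),
                              ("edge7", "AOS-CX 10.13.1080", False)]:
        print(host, assess(ver, is9300))
```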