Cyber Resilience

CVE-2026-23813

Critical

Published: 11 March 2026

Published
11 March 2026
Modified
11 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0074 49.7th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-23813 is a critical-severity Improper Authentication (CWE-287) vulnerability in Hpe (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2026-23813 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) published on 2026-03-11, affecting the web-based management interface of AOS-CX switches. Classified under CWE-287 (Improper Authentication), it enables an unauthenticated remote actor to circumvent existing authentication controls. In some cases, this bypass allows resetting the admin password, providing a pathway to unauthorized administrative access.

Any unauthenticated attacker with network access to the management interface can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation could achieve high impacts on confidentiality, integrity, and availability, such as gaining full administrative control over the switch through password reset, potentially leading to complete device compromise.

Mitigation details and patches are outlined in the HPE security advisory available at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct unauthenticated remote bypass of web management interface authentication (CWE-287) on public-facing switch, enabling admin password reset and full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1044Shared CWE-287
CVE-2026-1740Shared CWE-287
CVE-2026-7022Shared CWE-287
CVE-2024-13111Shared CWE-287
CVE-2026-29145Shared CWE-287
CVE-2018-25236Shared CWE-287
CVE-2024-53704Shared CWE-287
CVE-2024-57049Shared CWE-287
CVE-2025-12374Shared CWE-287
CVE-2025-15484Shared CWE-287

Affected Assets

Hpe
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and correction of flaws like this authentication bypass in the AOS-CX web management interface through timely patching per the HPE advisory.

prevent

Mandates unique identification and authentication for organizational users accessing the management interface, countering the CWE-287 improper authentication vulnerability.

prevent

Enforces approved authorizations for logical access to system resources, preventing unauthenticated remote actors from circumventing controls to reset admin passwords.

References