These issues allow remote attackers on adjacent networks to escalate privileges and launch denial-of-service (DoS) attacks. The advisory, HPESBNW05002, was published on February 10, 2026.
Four vulnerabilities affect HPE Aruba Networking Private 5G Core versions 1.24.3.0 through 1.24.3.3.
They stem from flaws in the application and management APIs, enabling unauthenticated exploits. No workaround exists, so upgrading is essential.
CVE-2026-23595 is the most severe, with a CVSS score of 8.8 (High). It allows authentication bypass in the application API, letting attackers create admin accounts for full control, including config changes and data manipulation. Attackers need adjacent network access (AV:A).
CVE-2026-23596 (CVSS 6.5, Medium) enables DoS via the management API. Unauthenticated users can force service restarts, disrupting 5G core availability.
CVE-2026-23597 and CVE-2026-23598 (both CVSS 6.5, Medium) leak sensitive info like user accounts, roles, and configs through API errors. This aids further attacks when chained with others.
| CVE ID | CVSS v3.1 Score | Impact Type | Vector |
|---|---|---|---|
| CVE-2026-23595 | 8.8 | Privilege Escalation | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-23596 | 6.5 | DoS (Service Restart) | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2026-23597 | 6.5 | Info Disclosure | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2026-23598 | 6.5 | Info Disclosure | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Canada’s Communications Security Establishment (CSE) found these flaws. Versions below 1.24.2.2 and 1.25.1.0+ are safe. Private 5G setups in enterprises face high risk from network-adjacent threats.
Upgrade to 1.25.1.0 or later via HPE’s portal. Segment networks to block adjacent access. Monitor API traffic for anomalies. HPE urges prompt action to protect 5G infrastructure integrity.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post HPE Aruba Networking Vulnerability Allows Privilege Escalation and DoS Attacks appeared first on Cyber Security News.
In honor of its Animal Crossing series' 25th anniversary, Nintendo has a special treat for…
In honor of its Animal Crossing series' 25th anniversary, Nintendo has a special treat for…
In honor of its Animal Crossing series' 25th anniversary, Nintendo has a special treat for…
A representative for pop star Katy Perry has issued a strongly worded response to sexual…
A representative for pop star Katy Perry has issued a strongly worded response to sexual…
ABILENE, Texas (KTAB/KRBC) – Dr. Paul Fabrizio was honored Monday at McMurry University by State…
This website uses cookies.