These issues allow remote attackers on adjacent networks to escalate privileges and launch denial-of-service (DoS) attacks. The advisory, HPESBNW05002, was published on February 10, 2026.
Four vulnerabilities affect HPE Aruba Networking Private 5G Core versions 1.24.3.0 through 1.24.3.3.
They stem from flaws in the application and management APIs, enabling unauthenticated exploits. No workaround exists, so upgrading is essential.
CVE-2026-23595 is the most severe, with a CVSS score of 8.8 (High). It allows authentication bypass in the application API, letting attackers create admin accounts for full control, including config changes and data manipulation. Attackers need adjacent network access (AV:A).
CVE-2026-23596 (CVSS 6.5, Medium) enables DoS via the management API. Unauthenticated users can force service restarts, disrupting 5G core availability.
CVE-2026-23597 and CVE-2026-23598 (both CVSS 6.5, Medium) leak sensitive info like user accounts, roles, and configs through API errors. This aids further attacks when chained with others.
| CVE ID | CVSS v3.1 Score | Impact Type | Vector |
|---|---|---|---|
| CVE-2026-23595 | 8.8 | Privilege Escalation | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2026-23596 | 6.5 | DoS (Service Restart) | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2026-23597 | 6.5 | Info Disclosure | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2026-23598 | 6.5 | Info Disclosure | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Canada’s Communications Security Establishment (CSE) found these flaws. Versions below 1.24.2.2 and 1.25.1.0+ are safe. Private 5G setups in enterprises face high risk from network-adjacent threats.
Upgrade to 1.25.1.0 or later via HPE’s portal. Segment networks to block adjacent access. Monitor API traffic for anomalies. HPE urges prompt action to protect 5G infrastructure integrity.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post HPE Aruba Networking Vulnerability Allows Privilege Escalation and DoS Attacks appeared first on Cyber Security News.
50 Years Ago The Massachusetts Public Interest Research Group (Mass-PIRG) has criticized the Northampton Small…
WESTHAMPTON — Voters shot down a request for a $500,000 Proposition 2½ override by 59 votes…
NORTHAMPTON — After setting 27 fires between 2007 and 2009 that terrorized Ward 3 neighborhoods…
SUNDERLAND — Investigators have determined that the fire at the Sugarloaf Estates apartment complex on…
Repeating the mantra that “food is medicine,” U.S. Rep. Jim McGovern is leading a bipartisan…
LEVERETT — A two-story home just east of North Leverett center was destroyed in a…
This website uses cookies.