CVE-2026-23811 - Vulnerability Details

- Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation

Description

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.

Published: 2026-03-04

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability lies in the client isolation mechanism, allowing an attacker to bypass Layer 2 communication restrictions between clients and redirect traffic at Layer 3. This can be compounded by a port‑stealing attack to perform a bi-directional Man‑in‑the‑Middle, exposing sensitive data and disrupting connectivity.

Affected Systems

Hewlett Packard Enterprise’s Aruba Networking Wireless Operating Systems (AOS‑8 and AOS‑10) are impacted, including a broad range of Aruba AP hardware and LTE gateways as indicated by the CPE entries. The vulnerability applies to any deployment using the affected OS versions, but no specific version numbers are disclosed in the CNA data.

Risk and Exploitability

The CVSS score of 4.3 indicates a low severity. EPSS is less than 1% and the issue is not listed in the CISA KEV catalog, suggesting a low probability of widespread exploitation. Likely the attacker must be on the same broadcast domain to manipulate the isolation controls, but the potential for confidential data exposure remains.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Hewlett Packard Enterprise (HPE)

HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10)

affected

Version	Status	Constraints
`10.8.0.0`	affected	—
`10.7.0.0`	affected	≤ 10.7.2.2
`10.4.0.0`	affected	≤ 10.4.1.10
`8.13.0.0`	affected	≤ 8.13.1.1
`8.12.0.0`	affected	≤ 8.12.0.6
`8.10.0.0`	affected	≤ 8.10.0.21

Configuration 1 [-]

AND

OR	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos::::::::
	cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:::::::*

OR	cpe:2.3:h:arubanetworks:7010:-:::::::*
	cpe:2.3:h:arubanetworks:7030:-:::::::*
	cpe:2.3:h:arubanetworks:7205:-:::::::*
	cpe:2.3:h:arubanetworks:7210:-:::::::*
	cpe:2.3:h:arubanetworks:7220:-:::::::*
	cpe:2.3:h:arubanetworks:7240xm:-:::::::*
	cpe:2.3:h:arubanetworks:7280:-:::::::*
	cpe:2.3:h:arubanetworks:9004:-:::::::*
	cpe:2.3:h:arubanetworks:9004-lte:-:::::::*
	cpe:2.3:h:arubanetworks:9012:-:::::::*
	cpe:2.3:h:arubanetworks:9106:-:::::::*
	cpe:2.3:h:arubanetworks:9114:-:::::::*
	cpe:2.3:h:arubanetworks:9240:-:::::::*
	cpe:2.3:h:arubanetworks:ap-634:-:::::::*
	cpe:2.3:h:arubanetworks:ap-635:-:::::::*
	cpe:2.3:h:arubanetworks:ap-654:-:::::::*
	cpe:2.3:h:arubanetworks:ap-655:-:::::::*

No data.

Vendor Product Confidence Versions

Hpe

Aruba Networking Wireless Operating Systems

100%

Version	Status	Scheme	Platform
`10.8.0.0`	affected	generic	—
`[10.7.0.0,10.7.2.2]`	affected	generic	—
`[10.4.0.0,10.4.1.10]`	affected	generic	—
`[8.13.0.0,10.13.1.1]`	affected	generic	—
`[8.12.0.0,10.12.0.6]`	affected	generic	—
`[8.10.0.0,10.13.0.21]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Aruba OS update that fixes the client isolation vulnerability.
Disable or tightly restrict port‑stealing features and enforce strict client isolation policies.
Verify isolation functionality by testing connectivity between isolated clients and monitoring for unexpected Layer 3 traffic flows.

Generated by OpenCVE AI on April 16, 2026 at 05:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US

History

Mon, 09 Mar 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Arubanetworks Arubanetworks 7010 Arubanetworks 7030 Arubanetworks 7205 Arubanetworks 7210 Arubanetworks 7220 Arubanetworks 7240xm Arubanetworks 7280 Arubanetworks 9004 Arubanetworks 9004-lte Arubanetworks 9012 Arubanetworks 9106 Arubanetworks 9114 Arubanetworks 9240 Arubanetworks ap-634 Arubanetworks ap-635 Arubanetworks ap-654 Arubanetworks ap-655 Arubanetworks arubaos
CPEs		cpe:2.3:h:arubanetworks:7010:-:::::::* cpe:2.3:h:arubanetworks:7030:-:::::::* cpe:2.3:h:arubanetworks:7205:-:::::::* cpe:2.3:h:arubanetworks:7210:-:::::::* cpe:2.3:h:arubanetworks:7220:-:::::::* cpe:2.3:h:arubanetworks:7240xm:-:::::::* cpe:2.3:h:arubanetworks:7280:-:::::::* cpe:2.3:h:arubanetworks:9004-lte:-:::::::* cpe:2.3:h:arubanetworks:9004:-:::::::* cpe:2.3:h:arubanetworks:9012:-:::::::* cpe:2.3:h:arubanetworks:9106:-:::::::* cpe:2.3:h:arubanetworks:9114:-:::::::* cpe:2.3:h:arubanetworks:9240:-:::::::* cpe:2.3:h:arubanetworks:ap-634:-:::::::* cpe:2.3:h:arubanetworks:ap-635:-:::::::* cpe:2.3:h:arubanetworks:ap-654:-:::::::* cpe:2.3:h:arubanetworks:ap-655:-:::::::* cpe:2.3:o:arubanetworks:arubaos:::::::: cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:::::::*
Vendors & Products		Arubanetworks Arubanetworks 7010 Arubanetworks 7030 Arubanetworks 7205 Arubanetworks 7210 Arubanetworks 7220 Arubanetworks 7240xm Arubanetworks 7280 Arubanetworks 9004 Arubanetworks 9004-lte Arubanetworks 9012 Arubanetworks 9106 Arubanetworks 9114 Arubanetworks 9240 Arubanetworks ap-634 Arubanetworks ap-635 Arubanetworks ap-654 Arubanetworks ap-655 Arubanetworks arubaos

Thu, 05 Mar 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hpe Hpe aruba Networking Wireless Operating Systems
Vendors & Products		Hpe Hpe aruba Networking Wireless Operating Systems

Wed, 04 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-300
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Mar 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.
Title		Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation
References		https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

Arubanetworks 7010 7030 7205 7210 7220 7240xm 7280 9004 9004-lte 9012 9106 9114 9240 Ap-634 Ap-635 Ap-654 Ap-655 Arubaos

Hpe Aruba Networking Wireless Operating Systems

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2026-03-04T16:12:32.715Z

Updated: 2026-04-01T16:21:29.217Z

Reserved: 2026-01-16T15:22:38.201Z

Link: CVE-2026-23811

Vulnrichment

Updated: 2026-03-04T17:46:53.358Z

NVD

Status : Analyzed

Published: 2026-03-04T17:16:19.213

Modified: 2026-03-09T19:19:27.327

Link: CVE-2026-23811

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T05:45:26Z

Weaknesses

CWE-300

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object