Description
A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.
Published: 2026-03-04
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Man-in-the-Middle (MitM)
Action: Apply Patch
AI Analysis

Impact

A device connecting to an Aruba access point can present itself as the network gateway by spoofing an address. The flaw allows the attacker to redirect traffic flows, effectively positioning itself as a Man-in-the-Middle and potentially intercepting or modifying data intended for the legitimate gateway. This can compromise confidentiality and integrity of network traffic.

Affected Systems

Hewlett Packard Enterprise’s Aruba Networking Wireless Operating Systems AOS‑8 and AOS‑10 are affected. Specific firmware versions are not listed in the advisory, but all devices running these operating systems are at risk unless a recent firmware update addressing the spoofing fix is installed.

Risk and Exploitability

CVSS score 4.3 indicates a moderate severity. EPSS is below 1%, suggesting low current exploitation likelihood, and the vulnerability is not cataloged in CISA’s KEV list. The attack most likely requires an attacker to join the local network as a standard wired or wireless client, then use address-based spoofing to masquerade as the gateway. If successful, the attacker gains control over the data path between clients and the network, enabling interception or alteration of traffic. Defenders should apply the vendor-supplied firmware update and monitor for suspicious gateway behavior.

Generated by OpenCVE AI on April 15, 2026 at 23:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Aruba OS firmware update that addresses the address‑spoofing issue
  • Disable or restrict address‑based spoofing features on access points if configuration allows
  • Monitor network traffic for anomalous gateway behavior or unauthorized redirection of data streams

Generated by OpenCVE AI on April 15, 2026 at 23:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Arubanetworks
Arubanetworks 7010
Arubanetworks 7030
Arubanetworks 7205
Arubanetworks 7210
Arubanetworks 7220
Arubanetworks 7240xm
Arubanetworks 7280
Arubanetworks 9004
Arubanetworks 9004-lte
Arubanetworks 9012
Arubanetworks 9106
Arubanetworks 9114
Arubanetworks 9240
Arubanetworks ap-634
Arubanetworks ap-635
Arubanetworks ap-654
Arubanetworks ap-655
Arubanetworks arubaos
CPEs cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9106:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9114:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:9240:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:ap-634:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:ap-654:-:*:*:*:*:*:*:*
cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*
cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:*:*:*:*:*:*:*
Vendors & Products Arubanetworks
Arubanetworks 7010
Arubanetworks 7030
Arubanetworks 7205
Arubanetworks 7210
Arubanetworks 7220
Arubanetworks 7240xm
Arubanetworks 7280
Arubanetworks 9004
Arubanetworks 9004-lte
Arubanetworks 9012
Arubanetworks 9106
Arubanetworks 9114
Arubanetworks 9240
Arubanetworks ap-634
Arubanetworks ap-635
Arubanetworks ap-654
Arubanetworks ap-655
Arubanetworks arubaos

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Hpe
Hpe aruba Networking Wireless Operating Systems
Vendors & Products Hpe
Hpe aruba Networking Wireless Operating Systems

Wed, 04 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-300
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.
Title Security Boundary Bypass via Routing Node Impersonation
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Arubanetworks 7010 7030 7205 7210 7220 7240xm 7280 9004 9004-lte 9012 9106 9114 9240 Ap-634 Ap-635 Ap-654 Ap-655 Arubaos
Hpe Aruba Networking Wireless Operating Systems
cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2026-04-01T16:21:09.805Z

Reserved: 2026-01-16T15:22:38.202Z

Link: CVE-2026-23812

cve-icon Vulnrichment

Updated: 2026-03-04T17:47:46.335Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-04T17:16:19.357

Modified: 2026-03-09T19:14:53.950

Link: CVE-2026-23812

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T00:00:14Z

Weaknesses