Description
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.
Published: 2026-05-12
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated attacker can exploit improper input validation in the certificate download function of the AOS-8 and AOS-10 web‑based management interface to overwrite arbitrary files on the underlying operating system. The overwrite can target critical system files, allowing the attacker to execute arbitrary commands as a privileged user, which compromises confidentiality, integrity, and availability of the device.
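
The weakness class behind this CVE (a user-controlled file-path parameter that is joined onto a directory without validation, CWE-20) is easier to reason about with code in front of you. The following is an added illustration written for this page, not HPE Aruba's code and not the actual vulnerable function: the store directory, probe names and helper names are all constructed. It shows the vulnerable join beside a hardened resolver that allowlists the name, canonicalises the result and checks that the file still lives inside the store.

```python
import os
import re
from pathlib import Path

# Constructed store location for the example; hypothetical, not an Aruba path.
CERT_STORE = "/var/lib/example/certs"

# Allowlist for the user-controlled name: ASCII alphanumerics plus . _ -,
# no path separators, no leading dot, no NUL byte, at most 128 characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def resolve_unsafe(base_dir: str, filename: str) -> str:
    """Vulnerable pattern (CWE-20): the request value is joined straight onto
    the store directory. '../../etc/passwd' walks out of the store, and an
    absolute name such as '/etc/shadow' replaces the store entirely because
    os.path.join discards everything before an absolute component."""
    return os.path.normpath(os.path.join(base_dir, filename))


def resolve_safe(base_dir: str, filename: str) -> Path:
    """Hardened form: reject anything outside the allowlist, canonicalise the
    result (Path.resolve also follows symlinks) and insist the file sits
    directly inside the store. Raises ValueError instead of returning a
    path the caller might write to."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected file name: {filename!r}")
    base = Path(base_dir).resolve()
    target = (base / filename).resolve()
    if target.parent != base:
        raise ValueError(f"path escapes certificate store: {target}")
    return target


def classify(filename: str) -> str:
    """Return 'accepted' or 'rejected' for a candidate name under the hardened check."""
    try:
        resolve_safe(CERT_STORE, filename)
        return "accepted"
    except ValueError:
        return "rejected"


# Constructed probe values of the kind a traversal test would send.
PROBES = [
    "server.pem",              # legitimate certificate name
    "../../../../etc/passwd",  # relative traversal out of the store
    "/etc/shadow",             # absolute path replaces the store
    "..",                      # parent directory itself
    "cert\x00.pem",            # NUL byte, truncation trick against C-backed code
    ".ssh",                    # hidden-file name
]

if __name__ == "__main__":
    for name in PROBES:
        unsafe = resolve_unsafe(CERT_STORE, name)
        print(f"{name!r:28} unsafe -> {unsafe!s:32} hardened -> {classify(name)}")
```

Note the order in the hardened version: the allowlist runs before any filesystem call, so a malformed name never reaches resolve(); the canonical-path comparison is the backstop for cases the regex does not anticipate, such as a symlink planted inside the store.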

Affected Systems

The vulnerability affects Hewlett Packard Enterprise Aruba Networking AOS-8 and AOS-10. The CVE record reproduced on this page names no specific affected or fixed builds, so treat every device running an AOS-8 or AOS-10 release with the web-based management interface enabled as potentially exposed until the vendor's version list is available.

Risk and Exploitability

The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) scores 7.2 High: the flaw is reachable over the network with low attack complexity and no user interaction, and its impact is high on confidentiality, integrity and availability, but it requires an account with high privileges (PR:H) on the management interface, which is what keeps the base score out of the critical range. The EPSS score is not yet available and the vulnerability is not listed in the CISA KEV catalog. Once authenticated with such an account, the attacker sends a crafted request to the certificate download function whose file-path parameter is not properly validated, overwrites a file the platform trusts, and thereby obtains command execution as a privileged user. The attack surface is therefore the web-based management interface itself, which is normally served over HTTPS.

Generated by OpenCVE AI on May 12, 2026 at 20:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HPE Aruba OS patch that fixes the file‑path validation issue.
  • If a patch is not yet available, restrict the web-based management interface to trusted management networks, enforce strong authentication, keep the number of high-privilege administrator accounts to a minimum (the flaw requires a high-privileged session, PR:H in the vector), and consider disabling the certificate download feature if it is not required.
  • Monitor the system for unauthorized file modifications and anomalous command executions, and review access logs for suspicious activity.

Advisories

No advisories yet.

History

Tue, 12 May 2026 21:00:00 +0000

Type         Values Removed   Values Added
Weaknesses   (none)           CWE-20, CWE-788

Tue, 12 May 2026 19:30:00 +0000

Type         Values Removed   Values Added
Description  (none)           An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.
Title        (none)           Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface
References   (none)           (none listed)
Metrics      (none)           cvssV3_1: {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2026-05-12T18:55:53.008Z

Reserved: 2026-05-07T21:29:03.734Z

Link: CVE-2026-44852

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-12T20:16:43.803

Modified: 2026-05-12T20:16:43.803

Link: CVE-2026-44852

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T20:45:23Z

Weaknesses