Description
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
Published: 2026-05-12
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow exists in management service components accessed through the command‑line interface of HPE Aruba AOS‑8 and AOS‑10. An attacker who can authenticate with administrative rights can send specially crafted requests that cause the service to execute arbitrary code with the privileges of the underlying operating system. The flaw allows an authenticated user to break out of the intended bounds of the service and run code with elevated privileges, potentially compromising the entire host.

Affected Systems

Hewlett Packard Enterprise’s Aruba Networking Wireless Operating System (AOS). Vulnerable components are present in the AOS‑8 and AOS‑10 operating system releases; specific patch levels are not listed in the data.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity vulnerability. Exponential probability of exploitation is not available through EPSS, and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly confirmed exploits yet. Successful exploitation requires authenticated administrative access; the attack vector would be through the locally connected command‑line interface. Given the high impact and lack of known mitigations, the risk is significant for any systems running the affected operating system versions.

Generated by OpenCVE AI on May 12, 2026 at 20:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Aruba AOS firmware update that contains the vendor’s fix for the buffer overflow.
  • Limit CLI management access to a small set of trusted administrative hosts and enforce strong authentication to reduce the pool of potentially compromised credentials.
  • Segment the network to isolate management interfaces from general traffic, so that even if a local administrator account is compromised, lateral movement is constrained.

Generated by OpenCVE AI on May 12, 2026 at 20:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Tue, 12 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending specially crafted requests to the affected services. Successful exploitation could allow the attacker to execute arbitrary code with elevated privileges on the underlying operating system.
Title Authenticated Stack-Based Buffer Overflow in PAPI Services
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2026-05-12T19:02:40.543Z

Reserved: 2026-05-07T21:29:03.734Z

Link: CVE-2026-44857

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T20:16:44.317

Modified: 2026-05-12T20:16:44.317

Link: CVE-2026-44857

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T20:30:23Z

Weaknesses