Inconsistent input filtering allows Authenticated Command Injection in AOS-8 Instant...

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

Basic Information

ID CVE-2026-23820

Source hpe

Published May 12, 2026 at 18:34

Modified May 12, 2026 at 19:29

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product ArubaOS (AOS)

Version 10.8.0.0

Affected Versions Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.8.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.7.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.4.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.13.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.12.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.10.0.0

CWE Classification

CWE-78

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environment. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.",
    "published": "2026-05-12T18:34:34.107Z",
    "modified": "2026-05-12T19:29:03.687Z",
    "type": "cve",
    "title": "Inconsistent input filtering allows Authenticated Command Injection in AOS-8 Instant and AOS-10 CLI",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05049en_us&docLocale=en_US",
    "id": "CVE-2026-23820",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.8.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.7.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.4.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.13.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.12.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.10.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ArubaOS (AOS)",
    "version": "10.8.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Inconsistent input filtering allows Authenticated Command Injection in AOS-8 Instant and AOS-10 CLI_CVE-2026-23820