CVE-2026-23812 (GCVE-0-2026-23812)

Vulnerability from cvelistv5 – Published: 2026-03-04 16:13 – Updated: 2026-03-04 17:47
VLAI?
Title
Security Boundary Bypass via Routing Node Impersonation
Summary
A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-300 - Channel Accessible by Non-Endpoint
Assigner
hpe
References
Impacted products
Vendor Product Version
Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10) Affected: 10.8.0.0 (semver)
Affected: 10.7.0.0 , ≤ 10.7.2.2 (semver)
Affected: 10.4.0.0 , ≤ 10.4.1.10 (semver)
Affected: 8.13.0.0 , ≤ 10.13.1.1 (semver)
Affected: 8.12.0.0 , ≤ 10.12.0.6 (semver)
Affected: 8.10.0.0 , ≤ 10.13.0.21 (semver)
Create a notification for this product.
Credits
Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23812",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T17:47:35.522639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-300",
                "description": "CWE-300 Channel Accessible by Non-Endpoint",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T17:47:54.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 \u0026 AOS-10)",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "status": "affected",
              "version": "10.8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.7.2.2",
              "status": "affected",
              "version": "10.7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.4.1.10",
              "status": "affected",
              "version": "10.4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.13.1.1",
              "status": "affected",
              "version": "8.13.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.12.0.6",
              "status": "affected",
              "version": "8.12.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.13.0.21",
              "status": "affected",
              "version": "8.10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-04T16:13:48.086Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US"
        }
      ],
      "source": {
        "advisory": "HPESBNW05026",
        "discovery": "EXTERNAL"
      },
      "title": "Security Boundary Bypass via Routing Node Impersonation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2026-23812",
    "datePublished": "2026-03-04T16:13:48.086Z",
    "dateReserved": "2026-01-16T15:22:38.202Z",
    "dateUpdated": "2026-03-04T17:47:54.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23812\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2026-03-04T17:16:19.357\",\"lastModified\":\"2026-03-04T18:16:28.660\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@hpe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-300\"}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US\",\"source\":\"security-alert@hpe.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-23812\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-04T17:47:35.522639Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-300\", \"description\": \"CWE-300 Channel Accessible by Non-Endpoint\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-04T17:47:46.335Z\"}}], \"cna\": {\"title\": \"Security Boundary Bypass via Routing Node Impersonation\", \"source\": {\"advisory\": \"HPESBNW05026\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Xin\u0027an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hewlett Packard Enterprise (HPE)\", \"product\": \"HPE Aruba Networking Wireless Operating Systems (AOS-8 \u0026 AOS-10)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.8.0.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.7.2.2\"}, {\"status\": \"affected\", \"version\": \"10.4.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.4.1.10\"}, {\"status\": \"affected\", \"version\": \"8.13.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.13.1.1\"}, {\"status\": \"affected\", \"version\": \"8.12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.12.0.6\"}, {\"status\": \"affected\", \"version\": \"8.10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.13.0.21\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us\u0026docLocale=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2026-03-04T16:13:48.086Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-23812\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-04T17:47:54.403Z\", \"dateReserved\": \"2026-01-16T15:22:38.202Z\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"datePublished\": \"2026-03-04T16:13:48.086Z\", \"assignerShortName\": \"hpe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.