Command Line Interface Vulnerability in AOS-CX by HPE
CVE-2025-27080

6MEDIUM

Key Information:

Vendor: HP (HP)
Status: Aos-cx
Vendor: CVE Published:; 18 March 2025

Summary

A vulnerability exists in the command line interface of HPE AOS-CX that enables authenticated remote attackers to potentially expose sensitive information. Successful exploitation of this vulnerability could grant unauthorized access to external services associated with the affected switch, which may facilitate lateral movement within the network. It’s crucial for administrators to ensure adequate security measures are in place to bolster protection against potential exploitation.

Affected Version(s)

AOS-CX 10.10.0000

AOS-CX 10.13.0000

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 18, 2025
Vulnerability Reserved
Feb 18, 2025

Credit

Internal Engineering