CVE-2026-23814
Published: 11 March 2026
Description
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates command injection by requiring validation of CLI command parameters to block malicious inputs.
Addresses the vulnerability through timely flaw remediation, including applying vendor patches for the AOS-CX CLI command injection.
Limits impact of exploitation by low-privilege attackers by enforcing least privilege on CLI command execution.
Security SummaryAI
CVE-2026-23814 is a command injection vulnerability (CWE-77) in the command parameters of a certain AOS-CX CLI command. This issue affects AOS-CX software and was published on 2026-03-11 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A low-privilege authenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation allows the injection of malicious commands, resulting in unwanted behavior with high impacts to confidentiality, integrity, and availability.
The HPE security advisory provides details on mitigation and patches at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us&docLocale=en_US.
Details
- CWE(s)
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables command injection in AOS-CX CLI (network device), directly facilitating T1059.008 (Network Device CLI) and T1210 (Exploitation of Remote Services).