CVE-2025-27080

Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface

CVSS 6 MEDIUMEPSS 0.2%CWE-359

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

18 mar 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Productos afectados

Hewlett Packard Enterprise (HPE) · AOS-CX

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US