Vulnerability Title: HPE Aruba Networking AOS-CX Multiple Vulnerabilities

Vulnerability Severity:
Local: Gain Unauthorized Access
Remote: Access Restriction Bypass, Arbitrary Command Execution, Code Execution, Denial of Service (DoS), Directory Traversal, Disclosure of Sensitive Information, Elevated Privileges, Session Reuse

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

Vulnerability Summary: HPE Aruba Networking AOS-CX, Multiple Vulnerabilities

Vulnerability Details

CVE-2025-37155:
- Description: Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface
- Severity: High
- Discovered by: Angelo Catalani and Giacomo Gloria from Italian National Cybersecurity Agency (ACN)
- Workaround: Restrict the CLI and web management interfaces to a dedicated L2 segment/VLAN, or control access to them with firewall policies at L3 and above

CVE-2025-37156:
- Description: ArubaOS-CX Platform-Level Denial-of-Service Vulnerability
- Severity: Medium
- Discovered by: Nicholas Starke from HPE Aruba Networking SIRT
- Workaround: Same as above

Affected Products

HPE Aruba Networking AOS-CX Software Version(s)
- AOS-CX 10.16.xxxx: 10.16.1000 and below
- AOS-CX 10.15.xxxx: 10.15.1020 and below
- AOS-CX 10.14.xxxx: 10.14.1050 and below
- AOS-CX 10.13.xxxx: 10.13.1090 and below
- AOS-CX 10.10.xxxx: 10.10.1160 and below

Remediation

Upgrade HPE Aruba Networking AOS-CX to one of the following versions (as applicable):
- AOS-CX 10.16.xxxx: AOS-CX 10.16.1001 and above
- AOS-CX 10.15.xxxx: AOS-CX 10.15.1030 and above
- AOS-CX 10.14.xxxx: AOS-CX 10.14.1060 and above
- AOS-CX 10.13.xxxx: AOS-CX 10.13.1101 and above
- AOS-CX 10.10.xxxx: AOS-CX 10.10.1170 and above
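
To triage a switch inventory against the affected and fixed version lists above, the following added example (not part of the HPE advisory) classifies each AOS-CX version string. The host names, the sample inventory and the optional platform prefix on the version string are assumptions; builds that fall between the two lists, and branches the advisory does not mention, are reported as unknown instead of guessed.

```python
import re

# (highest affected build, lowest fixed build) per branch, copied from the advisory.
BRANCHES = {
    "10.16": (1000, 1001),
    "10.15": (1020, 1030),
    "10.14": (1050, 1060),
    "10.13": (1090, 1101),
    "10.10": (1160, 1170),
}

# Assumption: a version may carry a platform prefix (e.g. "FL."); only the
# trailing major.minor.build triple is compared.
VERSION_RE = re.compile(r"(\d+\.\d+)\.(\d+)$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one AOS-CX version string."""
    m = VERSION_RE.search(version.strip())
    if not m or m.group(1) not in BRANCHES:
        return "unknown"  # unparsable, or a branch the advisory does not list
    last_affected, first_fixed = BRANCHES[m.group(1)]
    build = int(m.group(2))
    if build <= last_affected:
        return "affected"
    if build >= first_fixed:
        return "fixed"
    return "unknown"  # between the two lists; the advisory does not say


def triage(inventory: dict) -> dict:
    """Group host names by classification of their reported version."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        result[classify(version)].append(host)
    return result


# Constructed inventory for illustration (hypothetical hosts and versions).
SAMPLE = {
    "core-sw1": "FL.10.13.1090",
    "core-sw2": "GL.10.15.1025",
    "edge-sw1": "10.16.1001",
    "edge-sw2": "10.12.1000",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check against the vendor's release notes before they are treated as safe.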