Platform
aruba
Component
private-5g-core
Fixed in
1.25.4
A high-severity vulnerability (CVSS 8.8) has been discovered in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem. It is an open redirect: the GUI accepts a redirect target from the request URL without confirming that the target stays on the GUI's own origin, so an attacker can craft links to the legitimate GUI host that send authenticated users on to an attacker-controlled server. Successful exploitation could lead to credential theft and further compromise. The vulnerability affects versions 1.0.0 through 1.25.3.0; the fix is available in version 1.25.4.
An attacker can exploit CVE-2026-23818 by sending a targeted user a link to the genuine GUI host that carries a redirect target pointing at a server the attacker controls. Because the link begins with the real Aruba hostname, the user has little reason to distrust it; after the redirect, a look-alike login page captures the credentials they enter. With those credentials the attacker can authenticate to the GUI as that user, and if the account is an administrative one, that amounts to control over the Private 5G Core deployment itself. As with other open redirects, the technical flaw is small and the real attack vector is social engineering: the vulnerability supplies a trustworthy-looking URL for a phishing campaign.
CVE-2026-23818 was published on April 7, 2026, with a CVSS score of 8.8 (High). No public exploits are currently known, but open redirects are trivial to weaponize in phishing campaigns once the vulnerable parameter is identified. The current EPSS score is low (0.04%, 12th percentile), which reflects the absence of observed exploitation rather than any difficulty in exploiting it. Monitor NVD and CISA advisories for updates.
Organizations running HPE Aruba Networking Private 5G Core On-Prem with the GUI used for operator login are at risk, most acutely where the GUI is reachable from workstations that also handle email and chat, since the attack needs a user to follow a crafted link. Where several teams or tenants administer the same core through one GUI, a single phished account can expose the whole deployment. Accounts without multi-factor authentication make the risk worse: a stolen password is then sufficient on its own, however strong it is.
• aruba / web:
  curl -I '<vulnerable_url_with_redirect>'
  Inspect the response for a 3xx status and a Location header pointing at an unexpected or attacker-controlled domain.
• aruba / web:
  grep -Ei '\?[^ ]*=(https?(:|%3A)|//|%2F%2F|/%5C)' /var/log/apache2/access.log
  Search the GUI's web-server access log (the path shown is an example; it depends on how the GUI's web tier is deployed) for requests whose query parameters begin with an absolute, scheme-relative or backslash-encoded URL. The vulnerable parameter name is not stated in the advisory, so match on the value shape rather than on a name.
• aruba / web:
  curl -sv '<vulnerable_url_with_redirect>' 2>&1 | grep -i '^< location:'
  Verbose curl output filtered to the Location header, to check whether the GUI issues a redirect to a foreign host.
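The origin check that the description above says is missing, and the log triage that the detection commands perform by hand, as one added Python example. This is not HPE Aruba's code (the GUI's source is not public); the parameter name next, the hostname 5gcore.example.internal, the combined-log-format layout and the sample log lines are all assumptions constructed for the example. The validator goes slightly beyond a plain host comparison: it also rejects scheme-relative, backslash and percent-encoded forms that browsers resolve to a foreign host.

```python
"""Added example (not HPE Aruba's code): origin check for redirect targets and
a triage scan over web-server access-log lines. The redirect parameter name in
the real GUI is not stated in the advisory; "next" is assumed for illustration."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hostname of the Private 5G Core GUI as the browser sees it (assumed value).
GUI_HOST = "5gcore.example.internal"


def is_safe_local_redirect(target: str, gui_host: str = GUI_HOST) -> bool:
    """True only if `target` keeps the browser on the GUI's own origin.

    Fails closed: anything that is not a plain path with a single leading '/'
    or an https URL to exactly `gui_host` is rejected. Decoding once more and
    mapping '\\' to '/' mirrors browser behaviour, so '/\\evil.example' and
    '%2F%2Fevil.example' are caught instead of passed through.
    """
    if not target:
        return False
    t = re.sub(r"[\t\r\n]", "", unquote(target)).strip().replace("\\", "/")
    parts = urlsplit(t)
    if parts.scheme:
        # Absolute URL; also rejects 'javascript:' and 'https:evil.example'.
        return parts.scheme == "https" and parts.netloc.lower() == gui_host.lower()
    if parts.netloc:
        # Scheme-relative '//evil.example/...' resolves to a foreign host.
        return False
    # Plain relative reference: exactly one leading slash.
    return t.startswith("/") and not t.startswith("//")


def vulnerable_post_login_location(params: dict) -> str:
    """Shape of an open redirect: the client-supplied value becomes Location."""
    return params.get("next", "/")


def safe_post_login_location(params: dict, gui_host: str = GUI_HOST) -> str:
    """Hardened counterpart: unsafe targets fall back to the GUI root."""
    target = params.get("next", "/")
    return target if is_safe_local_redirect(target, gui_host) else "/"


# Combined-log-format prefix; enough to pull out client IP and request target.
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def _is_url_like(value: str) -> bool:
    """Heuristic: does this parameter value look like a redirect destination?"""
    v = unquote(value).replace("\\", "/").strip()
    p = urlsplit(v)
    return bool(p.scheme or p.netloc) or v.startswith("/")


def find_offsite_redirect_requests(log_lines, gui_host: str = GUI_HOST) -> list:
    """Return requests whose query string carries a URL-like parameter that
    would leave the GUI's origin. Every parameter is checked, because the
    advisory does not name the vulnerable one."""
    hits = []
    for line in log_lines:
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                if _is_url_like(value) and not is_safe_local_redirect(value, gui_host):
                    hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                                 "param": name, "value": value,
                                 "status": m.group("status")})
    return hits


# Constructed sample lines, not real telemetry: two legitimate requests, three
# crafted ones (foreign https host, encoded scheme-relative, backslash trick)
# and one unrelated request that must not be flagged.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [07/Apr/2026:10:00:01 +0000] "GET /login?next=/dashboard HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [07/Apr/2026:10:00:07 +0000] "GET /login?next=https://5gcore.example.internal/subscribers HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Apr/2026:10:02:15 +0000] "GET /login?next=https://5gcore-login.example.com/sso HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Apr/2026:10:02:40 +0000] "GET /login?next=%2F%2Fevil.example%2Fsso HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Apr/2026:10:03:02 +0000] "GET /login?next=/%5Cevil.example HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.8 - - [07/Apr/2026:10:05:00 +0000] "GET /api/status?tab=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_offsite_redirect_requests(SAMPLE_ACCESS_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["param"]}={hit["value"]!r} -> off-origin')
```

Run against the constructed log, the scan reports the three requests from 203.0.113.9 and nothing else. Exact host comparison is deliberate: allowing "anything ending in the GUI's domain" would let 5gcore.example.internal.evil.example through, and matching on a prefix would let the userinfo trick (gui-host@evil.example) through. Tune _is_url_like to your own parameter inventory before running this over production logs, since it will also flag unrelated values such as mailto: addresses.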
disclosure
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-23818 is to upgrade HPE Aruba Networking Private 5G Core On-Prem to version 1.25.4 or later. Before upgrading, review the release notes for compatibility issues or breaking changes. Until the upgrade is applied, if the GUI sits behind a reverse proxy, WAF or web filter, block requests to the GUI whose query parameters carry an absolute or scheme-relative URL to any host other than the GUI itself; filtering only outbound redirects to untrusted domains is weaker, because the redirect target can be disguised with encoding. Enable multi-factor authentication so that stolen credentials are not sufficient on their own, instruct operators to open the GUI from a bookmark rather than from links in email or chat, and monitor login activity for unfamiliar source addresses or logins that follow a redirect request.
Apply the security update provided by HPE Aruba Networking, to version 1.25.4 or later, to mitigate the open redirect vulnerability. Consult the HPE documentation for detailed instructions on applying the update.
CVE-2026-23818 is a HIGH severity Open Redirect vulnerability in HPE Aruba Networking Private 5G Core, allowing attackers to redirect users to malicious sites and potentially steal credentials.
If you are using HPE Aruba Networking Private 5G Core versions 1.0.0–1.25.3.0, you are potentially affected by this vulnerability.
Upgrade to HPE Aruba Networking Private 5G Core version 1.25.4 or later to remediate the vulnerability. Implement temporary workarounds like URL filtering and WAF rules if immediate upgrade is not possible.
There is currently no indication of active exploitation, but the vulnerability's ease of exploitation warrants immediate attention and mitigation.
Refer to the official HPE security advisory for detailed information and mitigation guidance: [https://arubanetworks.com/support/security/advisories/arp-sa-0001]