CVE-2026-23811 - Vulnerability Details - OpenCVE

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US

History

Wed, 04 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-300
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Mar 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.
Title		Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation
References		https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2026-03-04T16:12:32.715Z

Updated: 2026-03-04T17:47:01.196Z

Reserved: 2026-01-16T15:22:38.201Z

Link: CVE-2026-23811

Vulnrichment

Updated: 2026-03-04T17:46:53.358Z

NVD

Status : Awaiting Analysis

Published: 2026-03-04T17:16:19.213

Modified: 2026-03-04T18:16:28.497

Link: CVE-2026-23811

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-300

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23811", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2026-01-16T15:22:38.201Z", "datePublished": "2026-03-04T16:12:32.715Z", "dateUpdated": "2026-03-04T17:47:01.196Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10)", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"status": "affected", "version": "10.8.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.7.2.2", "status": "affected", "version": "10.7.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.4.1.10", "status": "affected", "version": "10.4.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.13.1.1", "status": "affected", "version": "8.13.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.12.0.6", "status": "affected", "version": "8.12.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.13.0.21", "status": "affected", "version": "8.10.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.</p>"}], "value": "A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-03-04T16:12:32.715Z"}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US"}], "source": {"advisory": "HPESBNW05026", "discovery": "EXTERNAL"}, "title": "Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-300", "lang": "en", "description": "CWE-300 Channel Accessible by Non-Endpoint"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T17:46:38.750950Z", "id": "CVE-2026-23811", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T17:47:01.196Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23811", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T17:46:38.750950Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-300", "description": "CWE-300 Channel Accessible by Non-Endpoint"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T17:46:53.358Z"}}], "cna": {"title": "Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation", "source": {"advisory": "HPESBNW05026", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan,Srikanth V. Krishnamurthy from University of California, and Mathy Vanhoef from DistriNet, KU Leuven"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "HPE Aruba Networking Wireless Operating Systems (AOS-8 & AOS-10)", "versions": [{"status": "affected", "version": "10.8.0.0", "versionType": "semver"}, {"status": "affected", "version": "10.7.0.0", "versionType": "semver", "lessThanOrEqual": "10.7.2.2"}, {"status": "affected", "version": "10.4.0.0", "versionType": "semver", "lessThanOrEqual": "10.4.1.10"}, {"status": "affected", "version": "8.13.0.0", "versionType": "semver", "lessThanOrEqual": "10.13.1.1"}, {"status": "affected", "version": "8.12.0.0", "versionType": "semver", "lessThanOrEqual": "10.12.0.6"}, {"status": "affected", "version": "8.10.0.0", "versionType": "semver", "lessThanOrEqual": "10.13.0.21"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack.</p>", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2026-03-04T16:12:32.715Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23811", "state": "PUBLISHED", "dateUpdated": "2026-03-04T17:47:01.196Z", "dateReserved": "2026-01-16T15:22:38.201Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2026-03-04T16:12:32.715Z", "assignerShortName": "hpe"}, "dataVersion": "5.2"}