CVE-2026-23812
Received
Received - Intake
Address Spoofing in Network Access Points Enables MitM Attacks
Publication date: 2026-03-04
Last updated on: 2026-03-09
Assigner: Hewlett Packard Enterprise (HPE)
Description
A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arubanetworks | arubaos | From 10.3.0.0 (inc) to 10.4.1.10 (inc) |
| arubanetworks | arubaos | From 10.5.0.0 (inc) to 10.7.2.2 (inc) |
| arubanetworks | arubaos | From 6.5.4.0 (inc) to 8.10.0.21 (inc) |
| arubanetworks | arubaos | From 8.11.0.0 (inc) to 8.12.0.6 (inc) |
| arubanetworks | arubaos | From 8.13.0.0 (inc) to 8.13.1.1 (inc) |
| arubanetworks | arubaos | 10.8.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-300 | The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. |