Hewlett Packard Enterprise
HPE warns of critical AOS-CX flaw allowing admin password resets
Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. AOS-CX is a cloud-native network operating system (NOS) developed by HPE subsidiary Aruba Networks for the company’s CX-series campus and data center switch devices. The most severe security flaw today is a […]
HPE warns of maximum severity RCE flaw in OneView software
Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code remotely. OneView is HPE’s infrastructure management software that helps IT admins streamline operations and automate the management of servers, storage, and networking devices from a centralized interface. This critical security flaw (CVE-2025-37164) was reported by […]
HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. Aruba Instant On Access Points are compact, plug-and-play wireless (Wi-Fi) devices, designed primarily for small to medium-sized businesses, offering enterprise-grade features (guest networks, traffic segmentation) with cloud/mobile app […]
Hewlett Packard Enterprise warns of critical StoreOnce auth bypass
Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue. The […]
HPE notifies employees of data breach after Russian Office 365 hack
Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. According to filings with Attorney General offices in New Hampshire and Massachusets, HPE started sending the breach notification letters last month to at least 16 people who had their driver’s licenses, […]
HPE investigates breach as hacker claims to steal source code
Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company’s developer environments. The company has told GeekFeed that it hasn’t found any evidence of a security breach, but it is investigating the threat actor’s claims. “HPE became aware on January 16 of claims […]
HPE warns of critical RCE flaws in Aruba Networking access points
Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba’s Access Point management protocol (PAPI) over UDP port 8211. The critical flaws are […]
HPE Aruba Networking fixes critical flaws impacting Access Points
HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. The vulnerabilities (CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507) can be exploited by sending specially crafted packets to the PAPI (Aruba’s Access Point management protocol) UDP port […]