CVE-2026-23809 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2026-23809

Analyzed

More Info Official Page

Source-security-alert@hpe.com

Published At-04 Mar, 2026 | 17:16

Updated At-09 Mar, 2026 | 19:22

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary	3.1	7.6	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Type: Secondary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 7.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CPE Matches

>>arubaos>>Versions from 6.5.4.0(inclusive) to 8.10.0.21(inclusive)

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*

>>arubaos>>Versions from 8.11.0.0(inclusive) to 8.12.0.6(inclusive)

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*

>>arubaos>>Versions from 8.13.0.0(inclusive) to 8.13.1.1(inclusive)

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*

>>arubaos>>Versions from 10.3.0.0(inclusive) to 10.4.1.10(inclusive)

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*

>>arubaos>>Versions from 10.5.0.0(inclusive) to 10.7.2.2(inclusive)

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*

>>arubaos>>10.8.0.0

cpe:2.3:o:arubanetworks:arubaos:10.8.0.0:*:*:*:*:*:*:*

>>7010>>-

cpe:2.3:h:arubanetworks:7010:-:*:*:*:*:*:*:*

>>7030>>-

cpe:2.3:h:arubanetworks:7030:-:*:*:*:*:*:*:*

>>7205>>-

cpe:2.3:h:arubanetworks:7205:-:*:*:*:*:*:*:*

>>7210>>-

cpe:2.3:h:arubanetworks:7210:-:*:*:*:*:*:*:*

>>7220>>-

cpe:2.3:h:arubanetworks:7220:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:7240xm:-:*:*:*:*:*:*:*

>>7280>>-

cpe:2.3:h:arubanetworks:7280:-:*:*:*:*:*:*:*

>>9004>>-

cpe:2.3:h:arubanetworks:9004:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:9004-lte:-:*:*:*:*:*:*:*

>>9012>>-

cpe:2.3:h:arubanetworks:9012:-:*:*:*:*:*:*:*

>>9106>>-

cpe:2.3:h:arubanetworks:9106:-:*:*:*:*:*:*:*

>>9114>>-

cpe:2.3:h:arubanetworks:9114:-:*:*:*:*:*:*:*

>>9240>>-

cpe:2.3:h:arubanetworks:9240:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-634:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-635:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-654:-:*:*:*:*:*:*:*

cpe:2.3:h:arubanetworks:ap-655:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-400	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-400

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US	security-alert@hpe.com	Vendor Advisory

Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05026en_us&docLocale=en_US

Source: security-alert@hpe.com

Resource:

Vendor Advisory