CVE-2025-27080
March 18, 2025, 8:15 p.m.
6.0
Medium
Description
Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Hpe |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | hpe | aos-cx | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: HIGH
- Scope: CHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Timeline
Published: March 18, 2025, 7:15 p.m.
Last Modified: March 18, 2025, 8:15 p.m.
Last Modified: March 18, 2025, 8:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security-alert@hpe.com
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.