Back to overview

CVE-2026-44877

MEDIUM
6.5
CVSS 3.1
Description
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.

Metadata

CVE ID
CVE-2026-44877
State
PUBLISHED
Assigner
hpe
Reserved
2026-05-07 21:29 UTC
Published
2026-07-07 19:03 UTC
Last updated
2026-07-07 20:31 UTC
Primary CWE
CWE-200
CWE-200 Exposure of Sensitive Information to an Unauthorized…
Vendor / Product
Hewlett Packard Enterprise (HPE) / HPE Networking Instant On
Sources
cve.org  ·  NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Hewlett Packard Enterprise (HPE) HPE Networking Instant On Switch Model 1830,Switch Model 1930,Switch Model 1960 3.0.0 ≤ 3.3.3
Weakness (CWE)
CWESourceDescription
CWE-200 adp CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.5 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Back to overview