CVE-2026-44877
MEDIUM
6.5
CVSS 3.1
Description
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.
Metadata
Severity & Metrics
6.5
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Networking Instant On | Switch Model 1830,Switch Model 1930,Switch Model 1960 | 3.0.0 ≤ 3.3.3 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-200 | adp | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (1)