Skip to main content

HPE Instant On EUVDEUVD-2026-42075

| CVE-2026-44877 MEDIUM
Information Exposure (CWE-200)
2026-07-07 hpe GHSA-4mpp-rc37-5jhx
6.5
CVSS 3.1 · Vendor: hpe
Share

Severity by source

Vendor (hpe) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Deferring to vendor-assigned PR:L pending resolution of the description-vs-vector conflict; C:H reflects cryptographic secret exposure with no integrity or availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (hpe).

CVSS VectorVendor: hpe

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 20:23 vuln.today

DescriptionCVE.org

An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.

AnalysisAI

Sensitive cryptographic material on HPE Networking Instant On 1830, 1930, and 1960 switches is exposed to remote network actors through an information disclosure vulnerability. Exploitation allows retrieval of cryptographic secrets such as private keys, certificates, or pre-shared credentials, which could subsequently enable man-in-the-middle attacks, traffic decryption, or device impersonation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify HPE Instant On switch management interface
Delivery
Send crafted HTTP/HTTPS request to management endpoint
Exploit
Receive cryptographic secret material in response
Execution
Extract private key or certificate
Persist
Conduct MITM attack or decrypt captured management traffic
Impact
Harvest administrative credentials or sensitive configuration

Vulnerability AssessmentAI

Exploitation The CVSS vector (AV:N/AC:L) indicates this vulnerability is remotely exploitable with low attack complexity, requiring no special network positioning. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS score of 6.5 (Medium) reflects a network-accessible, low-complexity vulnerability with high confidentiality impact but no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-level access to the switch management network sends a crafted HTTP or HTTPS request to the device's management interface, retrieving cryptographic material such as the device's TLS private key. With this key, the attacker performs a man-in-the-middle attack on encrypted management sessions or decrypts previously captured traffic, gaining administrative credentials or configuration data. …
Remediation Consult the HPE security bulletin at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05038en_us&docLocale=en_US for the official patched firmware version, which is not independently confirmed from the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42075 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy