Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Deferring to vendor-assigned PR:L pending resolution of the description-vs-vector conflict; C:H reflects cryptographic secret exposure with no integrity or availability impact.
Primary rating from Vendor (hpe).
CVSS VectorVendor: hpe
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.
AnalysisAI
Sensitive cryptographic material on HPE Networking Instant On 1830, 1930, and 1960 switches is exposed to remote network actors through an information disclosure vulnerability. Exploitation allows retrieval of cryptographic secrets such as private keys, certificates, or pre-shared credentials, which could subsequently enable man-in-the-middle attacks, traffic decryption, or device impersonation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The CVSS vector (AV:N/AC:L) indicates this vulnerability is remotely exploitable with low attack complexity, requiring no special network positioning. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS score of 6.5 (Medium) reflects a network-accessible, low-complexity vulnerability with high confidentiality impact but no integrity or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-level access to the switch management network sends a crafted HTTP or HTTPS request to the device's management interface, retrieving cryptographic material such as the device's TLS private key. With this key, the attacker performs a man-in-the-middle attack on encrypted management sessions or decrypts previously captured traffic, gaining administrative credentials or configuration data. … |
| Remediation | Consult the HPE security bulletin at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05038en_us&docLocale=en_US for the official patched firmware version, which is not independently confirmed from the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42075
GHSA-4mpp-rc37-5jhx