{"api_version":"1","generated_at":"2026-07-09T04:34:25+00:00","cve":"CVE-2026-44877","urls":{"html":"https://cve.report/CVE-2026-44877","api":"https://cve.report/api/cve/CVE-2026-44877.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-44877","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-44877"},"summary":{"title":"Unauthenticated Remote Disclosure of Cryptographic Secrets","description":"An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.","state":"PUBLISHED","assigner":"hpe","published_at":"2026-07-07 20:16:28","updated_at":"2026-07-07 21:17:25"},"problem_types":["CWE-200","CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"],"metrics":[{"version":"3.1","source":"security-alert@hpe.com","type":"Secondary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05038en_us&docLocale=en_US","name":"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05038en_us&docLocale=en_US","refsource":"security-alert@hpe.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-44877","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44877","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Hewlett Packard Enterprise (HPE)","product":"HPE Networking Instant On","version":"affected 3.0.0 3.3.3 semver","platforms":["Switch Model 1830","Switch Model 1930","Switch Model 1960"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Aaron P. Davis","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"44877","cve":"CVE-2026-44877","epss":"0.002770000","percentile":"0.194890000","score_date":"2026-07-08","updated_at":"2026-07-09 00:13:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-44877","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-07T20:31:39.854857Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-07T20:31:53.068Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"affected","platforms":["Switch Model 1830","Switch Model 1930","Switch Model 1960"],"product":"HPE Networking Instant On","vendor":"Hewlett Packard Enterprise (HPE)","versions":[{"lessThanOrEqual":"3.3.3","status":"affected","version":"3.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"Aaron P. Davis"}],"datePublic":"2026-07-07T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.</p>"}],"value":"An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"dateUpdated":"2026-07-07T19:03:35.253Z","orgId":"eb103674-0d28-4225-80f8-39fb86215de0","shortName":"hpe"},"references":[{"url":"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05038en_us&docLocale=en_US"}],"source":{"advisory":"HPESBNW05038","discovery":"EXTERNAL"},"title":"Unauthenticated Remote Disclosure of Cryptographic Secrets","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"eb103674-0d28-4225-80f8-39fb86215de0","assignerShortName":"hpe","cveId":"CVE-2026-44877","datePublished":"2026-07-07T19:03:35.253Z","dateReserved":"2026-05-07T21:29:22.243Z","dateUpdated":"2026-07-07T20:31:53.068Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-07 20:16:28","lastModifiedDate":"2026-07-07 21:17:25","problem_types":["CWE-200","CWE-200 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"],"metrics":{"cvssMetricV31":[{"source":"security-alert@hpe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T20:31:39.854857Z","id":"CVE-2026-44877","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"44877","Ordinal":"1","Title":"Unauthenticated Remote Disclosure of Cryptographic Secrets","CVE":"CVE-2026-44877","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"44877","Ordinal":"1","NoteData":"An unauthenticated remote disclosure vulnerability has been identified in HPE Networking Instant On 1830, 1930, and 1960 Switches. Successful exploitation of this vulnerability could allow an unauthenticated remote threat actor to access sensitive cryptographic secrets on a vulnerable system.","Type":"Description","Title":"Unauthenticated Remote Disclosure of Cryptographic Secrets"}]}}}