A critical authentication bypass in AOS-CX switches allows unauthenticated remote attackers to circumvent security controls and potentially reset the admin password, leading to total device takeover.

This vulnerability resides in the web-based management interface of AOS-CX switches. An unauthenticated remote actor can exploit a flaw in the authentication logic to circumvent existing controls. In certain scenarios, this enables the attacker to reset the administrative password, granting them full unauthorized access to the switch configuration.

The impact is critical, as reflected by the CVSS score of 9.8. Unauthorized access to core networking infrastructure allows an attacker to intercept traffic, redirect data, or disable the network entirely. This poses a catastrophic risk to the organization's network security and operational continuity.

Immediate Action: Update the AOS-CX firmware to the latest secure version provided by the vendor immediately.

Proactive Monitoring: Review switch management logs for unauthorized access attempts or unexpected administrative password changes.

Compensating Controls: Disable the web-based management interface on untrusted networks and restrict management access to a dedicated, isolated Management VLAN with strict ACLs.

Public Exploit Available: No

Networking hardware is the backbone of security. This vulnerability must be remediated with the highest priority. Administrators should apply the firmware update immediately and ensure that all management interfaces are secured behind robust network-level protections.