HPE Security Advisory
Published Date: June 2, 2026
CVE: CVE-2024-39894
Advisory Summary
HPE has issued an important update regarding CVE-2024-39894, the OpenSSH keystroke obfuscation bypass vulnerability, specifically as it affects the ArubaOS-CX network operating system. This security advisory (HPESBNW05062 rev.1) reports how the vulnerability impacts ArubaOS-CX devices and outlines HPE’s mitigation efforts.
- The vulnerability allows attackers to bypass keystroke obfuscation in OpenSSH, potentially exposing sensitive session data.
- ArubaOS-CX devices have been analyzed for exposure to this vulnerability.
- Depending on device and version, HPE either confirms the patched status or recommends immediate firmware updates.
- Network security teams managing ArubaOS-CX infrastructure should urgently assess their environments for risk exposure and apply available updates.
This update is crucial for data center and network professionals who rely on ArubaOS-CX, because it helps ensure the continued integrity and confidentiality of SSH management sessions in their networks.
Reference: Vendor Advisory