HPE ArubaOS
cpe:2.3:o:hp:arubaos:*:*:*:*:*:*:*, +1 more
- <= 10.8.0.0
- <= 10.7.2.2
- <= 10.4.1.10
- <= 8.13.1.1
- <= 8.12.0.6
- <= 8.10.0.21
- ~10.6
- ~10.5
- ~10.3
- ~8.12
- ~8.11
- ~8.9
- ~8.8
- ~8.7
- ~8.6
- ~6.5.4
- ~8.7.0.0-2.3.0
- ~8.6.0.4-2.2
A session management vulnerability exists in HPE Aruba Networking Operating System AOS-8. This vulnerability allows previously authenticated users to retain network access even after their accounts have been administratively disabled. When credentials are revoked, existing sessions are not invalidated, enabling continued access until the session expires. This behavior could be exploited by an attacker with compromised credentials to maintain unauthorized access despite account deactivation.
Exploitation of this vulnerability could lead to unauthorized access to network resources, allowing an attacker to interact with the network as if they were a legitimate user, even after their account has been disabled.
To address this vulnerability, users should delete the affected account using the 'aaa user delete' command. For more information, consult the HPE Aruba Networking Support Portal.