0X50D

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) **Description** A session management issue allows previously authenticated users to maintain network access after their accounts have been administratively disabled. Because existing sessions are not invalidated when credentials are revoked, access continues until the session expires. This could allow an attacker with compromised credentials to maintain unauthorized access despite the account being disabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-CX OS (affected versions not specified) **Description** A flaw exists in the web management interface of the AOS-CX OS user authentication service. An authenticated remote attacker may be able to hijack an active user session. Successful exploitation could allow an attacker to maintain unauthorized access to the session, potentially enabling them to view or modify sensitive configuration data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.