A control vulnerability in Aruba’s wireless operating system allows an attacker to forge a MAC address and reuse a port‑stealing technique across multiple BSSIDs. By manipulating the association between BSSIDs and virtual ports, the attacker can bypass inter‑BSSID isolation and redirect network traffic. This enables eavesdropping, session hijacking, or denial of service against connected clients. The weakness is categorized as a resource‑exhaustion type flaw that permits the exploitation of virtual port mappings.

The flaw affects Hewlett Packard Enterprise Aruba Networking Wireless Operating System (AOS‑10 and AOS‑8) and a range of device models including Aruba 7010, 7030, 7205, 7210, 7220, 7240XM, 7280, 9004, 9012, 9106, 9114, 9240, as well as AP models 634, 635, 654 and 655. The issue also applies to deployments running ArubaOS 10.8.0.0 and later.

The CVSS base score of 5.4 indicates a moderate impact, primarily affecting network traffic. The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in CISA’s KEV catalog, meaning no publicly reported exploits are known. However, the attack can still occur in environments where an attacker can craft a rogue client to transmit spoofed MAC addresses across BSSIDs. By doing so, the attacker bypasses inter‑BSSID isolation and redirect traffic, which can lead to eavesdropping, session hijacking, or denial of service. Mitigation requires timely patching or configuration changes to enforce stricter isolation.