← Back

CVE-2023-22771

nvd nist
Published: Mar 1, 2023Modified: Nov 21, 2024

JSON object

Loading...
2.4
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Exploitability: 0.9 / Impact: 1.4
Source: NVD

Description

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account

Affected (4)

Arubanetworks
2 products
Arubaos
Sd Wan
Configuration A
3 vulnerable · 22 platform
Vulnerable SoftwareAffected Versions
Arubanetworks
Arubaos
From 10.3.0.0 to 10.3.1.0
Arubaos
From 8.10.0.0 to 8.10.0.4
Arubaos
From 8.6.0.0 to 8.6.0.19
Running on/withPlatform Versions
Arubanetworks
7010
All versions
Arubanetworks
7030
All versions
Arubanetworks
7205
All versions
Arubanetworks
7210
All versions
Arubanetworks
7220
All versions
Arubanetworks
7240xm
All versions
Arubanetworks
7280
All versions
Arubanetworks
9004
All versions
Arubanetworks
9004 Lte
All versions
Arubanetworks
9012
All versions
Arubanetworks
Mc Va 10
All versions
Arubanetworks
Mc Va 1k
All versions
Arubanetworks
Mc Va 250
All versions
Arubanetworks
Mc Va 50
All versions
Arubanetworks
Mcr Hw 10k
All versions
Arubanetworks
Mcr Hw 1k
All versions
Arubanetworks
Mcr Hw 5k
All versions
Arubanetworks
Mcr Va 10k
All versions
Arubanetworks
Mcr Va 1k
All versions
Arubanetworks
Mcr Va 50
All versions
Arubanetworks
Mcr Va 500
All versions
Arubanetworks
Mcr Va 5k
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Sd Wan
From 8.7.0.0-2.3.0.0 to 8.7.0.0-2.3.0.8

Related CWEs

CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (2)

Source: security-alert@hpe.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.