CVE-2023-22771Insufficient Session Expiration in Arubaos

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
2.4LOWNVD
CNA6.8
EPSS
0.2%
top 51.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosArubanetworks Sd-wan
Timeline
PublishedMar 1

Description

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

NVDarubanetworks/arubaos8.6.0.08.6.0.19+2
NVDarubanetworks/sd-wan8.7.0.0-2.3.0.08.7.0.0-2.3.0.8

🔴Vulnerability Details

2
GHSA
GHSA-2xwx-qwxw-x89v: An insufficient session expiration vulnerability exists in the ArubaOS command line interface2023-03-01
CVEList
Insufficient Session Expiration in ArubaOS Command Line Interface2023-02-28
CVE-2023-22771 — Insufficient Session Expiration | cvebase