6.8
CVE-2023-22771
- EPSS 0.08%
- Published 01.03.2023 08:15:14
- Last modified 21.11.2024 07:45:23
- Source security-alert@hpe.com
- Teams watchlist Login
- Open Login
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
Data is provided by the National Vulnerability Database (NVD)
Arubanetworks ≫ Arubaos Version >= 8.6.0.0 <= 8.6.0.19
Arubanetworks ≫ 7010 Version-
Arubanetworks ≫ 7030 Version-
Arubanetworks ≫ 7205 Version-
Arubanetworks ≫ 7210 Version-
Arubanetworks ≫ 7220 Version-
Arubanetworks ≫ 7240xm Version-
Arubanetworks ≫ 7280 Version-
Arubanetworks ≫ 9004 Version-
Arubanetworks ≫ 9004-lte Version-
Arubanetworks ≫ 9012 Version-
Arubanetworks ≫ Mc-va-10 Version-
Arubanetworks ≫ Mc-va-1k Version-
Arubanetworks ≫ Mc-va-250 Version-
Arubanetworks ≫ Mc-va-50 Version-
Arubanetworks ≫ Mcr-hw-10k Version-
Arubanetworks ≫ Mcr-hw-1k Version-
Arubanetworks ≫ Mcr-hw-5k Version-
Arubanetworks ≫ Mcr-va-10k Version-
Arubanetworks ≫ Mcr-va-1k Version-
Arubanetworks ≫ Mcr-va-50 Version-
Arubanetworks ≫ Mcr-va-500 Version-
Arubanetworks ≫ Mcr-va-5k Version-
Arubanetworks ≫ 7030 Version-
Arubanetworks ≫ 7205 Version-
Arubanetworks ≫ 7210 Version-
Arubanetworks ≫ 7220 Version-
Arubanetworks ≫ 7240xm Version-
Arubanetworks ≫ 7280 Version-
Arubanetworks ≫ 9004 Version-
Arubanetworks ≫ 9004-lte Version-
Arubanetworks ≫ 9012 Version-
Arubanetworks ≫ Mc-va-10 Version-
Arubanetworks ≫ Mc-va-1k Version-
Arubanetworks ≫ Mc-va-250 Version-
Arubanetworks ≫ Mc-va-50 Version-
Arubanetworks ≫ Mcr-hw-10k Version-
Arubanetworks ≫ Mcr-hw-1k Version-
Arubanetworks ≫ Mcr-hw-5k Version-
Arubanetworks ≫ Mcr-va-10k Version-
Arubanetworks ≫ Mcr-va-1k Version-
Arubanetworks ≫ Mcr-va-50 Version-
Arubanetworks ≫ Mcr-va-500 Version-
Arubanetworks ≫ Mcr-va-5k Version-
Arubanetworks ≫ Arubaos Version >= 8.10.0.0 <= 8.10.0.4
Arubanetworks ≫ 7010 Version-
Arubanetworks ≫ 7030 Version-
Arubanetworks ≫ 7205 Version-
Arubanetworks ≫ 7210 Version-
Arubanetworks ≫ 7220 Version-
Arubanetworks ≫ 7240xm Version-
Arubanetworks ≫ 7280 Version-
Arubanetworks ≫ 9004 Version-
Arubanetworks ≫ 9004-lte Version-
Arubanetworks ≫ 9012 Version-
Arubanetworks ≫ Mc-va-10 Version-
Arubanetworks ≫ Mc-va-1k Version-
Arubanetworks ≫ Mc-va-250 Version-
Arubanetworks ≫ Mc-va-50 Version-
Arubanetworks ≫ Mcr-hw-10k Version-
Arubanetworks ≫ Mcr-hw-1k Version-
Arubanetworks ≫ Mcr-hw-5k Version-
Arubanetworks ≫ Mcr-va-10k Version-
Arubanetworks ≫ Mcr-va-1k Version-
Arubanetworks ≫ Mcr-va-50 Version-
Arubanetworks ≫ Mcr-va-500 Version-
Arubanetworks ≫ Mcr-va-5k Version-
Arubanetworks ≫ 7030 Version-
Arubanetworks ≫ 7205 Version-
Arubanetworks ≫ 7210 Version-
Arubanetworks ≫ 7220 Version-
Arubanetworks ≫ 7240xm Version-
Arubanetworks ≫ 7280 Version-
Arubanetworks ≫ 9004 Version-
Arubanetworks ≫ 9004-lte Version-
Arubanetworks ≫ 9012 Version-
Arubanetworks ≫ Mc-va-10 Version-
Arubanetworks ≫ Mc-va-1k Version-
Arubanetworks ≫ Mc-va-250 Version-
Arubanetworks ≫ Mc-va-50 Version-
Arubanetworks ≫ Mcr-hw-10k Version-
Arubanetworks ≫ Mcr-hw-1k Version-
Arubanetworks ≫ Mcr-hw-5k Version-
Arubanetworks ≫ Mcr-va-10k Version-
Arubanetworks ≫ Mcr-va-1k Version-
Arubanetworks ≫ Mcr-va-50 Version-
Arubanetworks ≫ Mcr-va-500 Version-
Arubanetworks ≫ Mcr-va-5k Version-
Arubanetworks ≫ Arubaos Version >= 10.3.0.0 <= 10.3.1.0
Arubanetworks ≫ 7010 Version-
Arubanetworks ≫ 7030 Version-
Arubanetworks ≫ 7205 Version-
Arubanetworks ≫ 7210 Version-
Arubanetworks ≫ 7220 Version-
Arubanetworks ≫ 7240xm Version-
Arubanetworks ≫ 7280 Version-
Arubanetworks ≫ 9004 Version-
Arubanetworks ≫ 9004-lte Version-
Arubanetworks ≫ 9012 Version-
Arubanetworks ≫ Mc-va-10 Version-
Arubanetworks ≫ Mc-va-1k Version-
Arubanetworks ≫ Mc-va-250 Version-
Arubanetworks ≫ Mc-va-50 Version-
Arubanetworks ≫ Mcr-hw-10k Version-
Arubanetworks ≫ Mcr-hw-1k Version-
Arubanetworks ≫ Mcr-hw-5k Version-
Arubanetworks ≫ Mcr-va-10k Version-
Arubanetworks ≫ Mcr-va-1k Version-
Arubanetworks ≫ Mcr-va-50 Version-
Arubanetworks ≫ Mcr-va-500 Version-
Arubanetworks ≫ Mcr-va-5k Version-
Arubanetworks ≫ 7030 Version-
Arubanetworks ≫ 7205 Version-
Arubanetworks ≫ 7210 Version-
Arubanetworks ≫ 7220 Version-
Arubanetworks ≫ 7240xm Version-
Arubanetworks ≫ 7280 Version-
Arubanetworks ≫ 9004 Version-
Arubanetworks ≫ 9004-lte Version-
Arubanetworks ≫ 9012 Version-
Arubanetworks ≫ Mc-va-10 Version-
Arubanetworks ≫ Mc-va-1k Version-
Arubanetworks ≫ Mc-va-250 Version-
Arubanetworks ≫ Mc-va-50 Version-
Arubanetworks ≫ Mcr-hw-10k Version-
Arubanetworks ≫ Mcr-hw-1k Version-
Arubanetworks ≫ Mcr-hw-5k Version-
Arubanetworks ≫ Mcr-va-10k Version-
Arubanetworks ≫ Mcr-va-1k Version-
Arubanetworks ≫ Mcr-va-50 Version-
Arubanetworks ≫ Mcr-va-500 Version-
Arubanetworks ≫ Mcr-va-5k Version-
Arubanetworks ≫ Sd-wan Version >= 8.7.0.0-2.3.0.0 <= 8.7.0.0-2.3.0.8
02.03.2023: CERT.at Warnung
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.213 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.4 | 0.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
|
| security-alert@hpe.com | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."