Vulnerabilities > CVE-2023-22771 - Insufficient Session Expiration vulnerability in Arubanetworks Arubaos and Sd-Wan

CVSS 2.4 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

arubanetworks

CWE-613

NVD

Published: 2023-03-01

Updated: 2023-11-07

Summary

An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account

Vulnerable Configurations

Part	Description	Count
OS	Arubanetworks Arubanetworks Arubaos 8.6.0.0 Arubanetworks Arubaos 8.6.0.5 Arubanetworks Arubaos 8.6.0.6 Arubanetworks Arubaos 8.6.0.7 Arubanetworks Arubaos 8.6.0.8 Arubanetworks Arubaos 8.6.0.9 Arubanetworks Arubaos 8.6.0.11 Arubanetworks Arubaos 8.10.0.0 Arubanetworks Arubaos 10.3.0.0 Arubanetworks Arubaos 10.3.1.0	10
Hardware	Arubanetworks Arubanetworks 7010 - Arubanetworks 7030 - Arubanetworks 7205 - Arubanetworks 7210 - Arubanetworks 7220 - Arubanetworks 7240Xm - Arubanetworks 7280 - Arubanetworks 9004 - Arubanetworks 9004 LTE - Arubanetworks 9012 - Arubanetworks MC VA 10 - Arubanetworks MC VA 1K - Arubanetworks MC VA 250 - Arubanetworks MC VA 50 - Arubanetworks MCR HW 10K - Arubanetworks MCR HW 1K - Arubanetworks MCR HW 5K - Arubanetworks MCR VA 10K - Arubanetworks MCR VA 1K - Arubanetworks MCR VA 50 - Arubanetworks MCR VA 500 - Arubanetworks MCR VA 5K -	22
Application	Arubanetworks Arubanetworks SD WAN *	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt