Vulnerability Details CVE-2023-22771
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.5%
CVSS Severity
CVSS v3 Score 6.8
References
Products affected by CVE-2023-22771
-
cpe:2.3:a:arubanetworks:sd-wan:*
-
cpe:2.3:h:arubanetworks:7010:-
-
cpe:2.3:h:arubanetworks:7030:-
-
cpe:2.3:h:arubanetworks:7205:-
-
cpe:2.3:h:arubanetworks:7210:-
-
cpe:2.3:h:arubanetworks:7220:-
-
cpe:2.3:h:arubanetworks:7240xm:-
-
cpe:2.3:h:arubanetworks:7280:-
-
cpe:2.3:h:arubanetworks:9004-lte:-
-
cpe:2.3:h:arubanetworks:9004:-
-
cpe:2.3:h:arubanetworks:9012:-
-
cpe:2.3:h:arubanetworks:mc-va-10:-
-
cpe:2.3:h:arubanetworks:mc-va-1k:-
-
cpe:2.3:h:arubanetworks:mc-va-250:-
-
cpe:2.3:h:arubanetworks:mc-va-50:-
-
cpe:2.3:h:arubanetworks:mcr-hw-10k:-
-
cpe:2.3:h:arubanetworks:mcr-hw-1k:-
-
cpe:2.3:h:arubanetworks:mcr-hw-5k:-
-
cpe:2.3:h:arubanetworks:mcr-va-10k:-
-
cpe:2.3:h:arubanetworks:mcr-va-1k:-
-
cpe:2.3:h:arubanetworks:mcr-va-500:-
-
cpe:2.3:h:arubanetworks:mcr-va-50:-
-
cpe:2.3:h:arubanetworks:mcr-va-5k:-
-
cpe:2.3:o:arubanetworks:arubaos:10.3.0.0
-
cpe:2.3:o:arubanetworks:arubaos:10.3.1.0
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.0
-
cpe:2.3:o:arubanetworks:arubaos:8.6.0.0
-
cpe:2.3:o:arubanetworks:arubaos:8.6.0.11
-
cpe:2.3:o:arubanetworks:arubaos:8.6.0.5
-
cpe:2.3:o:arubanetworks:arubaos:8.6.0.6
-
cpe:2.3:o:arubanetworks:arubaos:8.6.0.7
-
cpe:2.3:o:arubanetworks:arubaos:8.6.0.8
-
cpe:2.3:o:arubanetworks:arubaos:8.6.0.9