vulnerability

Aruba ECOS: CVE-2022-43529: Failure to Properly Invalidate User Session in Aruba EdgeConnect Enterprise Orchestrator Web-Based Management Interface

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:P/I:P/A:N)	Dec 13, 2022	Mar 17, 2025	Jul 3, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:N)

Published

Dec 13, 2022

Added

Mar 17, 2025

Modified

Jul 3, 2025

Description

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an remote attacker to persist a session after a password reset or similar session clearing event. Successful exploitation of this vulnerability could allow an authenticated attacker to remain on the system with the permissions of their current session after the session should be invalidated.

Solution

aruba-ecos-cve-2022-43529

References

CVE-2022-43529
https://attackerkb.com/topics/CVE-2022-43529
URL-https://csaf.arubanetworks.com/2022/hpe_aruba_networking_-_2022-021.json
CWE-384

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today