CVE-2013-2269

Name of the Vulnerable Software and Affected Versions Aruba Networks ClearPass versions 5.x through 6.0.2 Amigopod/ClearPass Guest versions 3.0 through 3.9.7

Description The issue allows remote attackers to bypass intended access restrictions and approve a request. This is achieved by sending a guest request, then using parameter manipulation in conjunction with information from a default holding page to discover the link used for sponsor approval of the guest request, and finally performing a direct request to that link.

Recommendations For Aruba Networks ClearPass versions 5.x through 6.0.2, update to a version that includes a fix for this issue. For Amigopod/ClearPass Guest versions 3.0 through 3.9.7, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the Sponsorship Confirmation functionality until a patch is available.