CVE-2018-7058

Name of the Vulnerable Software and Affected Versions Aruba ClearPass versions 6.6.x prior to 6.6.9

Description The issue allows an attacker to bypass authentication and gain administrator privileges on the system. It is exposed through ClearPass web interfaces, including administrative, guest captive portal, and API endpoints. The impact is lesser for customers who do not expose ClearPass web interfaces to untrusted users.

Recommendations For Aruba ClearPass versions 6.6.x prior to 6.6.9, update to version 6.6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the ClearPass web interfaces to minimize the risk of exploitation.