PT-2018-17877 · Aruba · Aruba Clearpass

Publicado

2018-08-06

Atualizado

2018-10-18

CVE-2018-7059

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Aruba ClearPass versions prior to 6.6.9

Description The issue affects the API that coordinates cluster actions, allowing an authenticated user with the mon permission to potentially obtain cluster credentials. This could lead to privilege escalation. The vulnerability is specific to users authenticated with the mon permission.

Recommendations For versions prior to 6.6.9, update to version 6.6.9 or later to resolve the issue. As a temporary workaround, consider restricting the mon permission to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-7059

Produtos afetados

Aruba Clearpass

PT-2018-17877 · Aruba · Aruba Clearpass

CVE-2018-7059

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3