CVE-2014-2071

Name of the Vulnerable Software and Affected Versions Aruba Networks ClearPass Policy Manager versions 6.1.x through 6.2.x before 6.2.5.61640 Aruba Networks ClearPass Policy Manager versions 6.3.x before 6.3.0.61712

Description The issue allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method when the software is configured to use tunneled and non-tunneled EAP methods in a single policy construct.

Recommendations For versions 6.1.x, update to a version after 6.2.5.61640 or apply a configuration change to separate tunneled and non-tunneled EAP methods. For versions 6.2.x before 6.2.5.61640, update to version 6.2.5.61640 or later. For versions 6.3.x before 6.3.0.61712, update to version 6.3.0.61712 or later.