CVE-2014-6621

Name of the Vulnerable Software and Affected Versions Aruba Networks ClearPass versions prior to 6.3.6 Aruba Networks ClearPass versions 6.4.x prior to 6.4.1

Description The issue allows remote attackers to obtain sensitive information, including version numbers and module configuration, by accessing the troubleshooting and diagnostics page, which is not disabled in production systems.

Recommendations For versions prior to 6.3.6, update to version 6.3.6 or later to resolve the issue. For versions 6.4.x prior to 6.4.1, update to version 6.4.1 or later to resolve the issue. As a temporary workaround, consider disabling access to the troubleshooting and diagnostics page to minimize the risk of exploitation.