PT-2018-17877 · Aruba · Aruba Clearpass

Published

2018-08-06

Updated

2018-10-18

CVE-2018-7059

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Aruba ClearPass versions prior to 6.6.9

Description The issue affects the API that coordinates cluster actions, allowing an authenticated user with the mon permission to potentially obtain cluster credentials. This could lead to privilege escalation. The vulnerability is specific to users authenticated with the mon permission.

Recommendations For versions prior to 6.6.9, update to version 6.6.9 or later to resolve the issue. As a temporary workaround, consider restricting the mon permission to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-7059

Affected Products

Aruba Clearpass

PT-2018-17877 · Aruba · Aruba Clearpass

CVE-2018-7059

Weakness Enumeration

Related Identifiers

Affected Products

References · 3