CVE-2017-9002

Name of the Vulnerable Software and Affected Versions Aruba ClearPass versions prior to 6.6.8

Description The issue allows an attacker to obtain sensitive information, such as session cookies or passwords, by tricking a logged-in administrative user into clicking a malicious link. This can happen when the administrative user is currently logged into the system in the same browser.

Recommendations For versions prior to 6.6.8, update to version 6.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative functions to minimize the risk of exploitation. Avoid clicking on suspicious links while logged into the ClearPass administrative interface.