PT-2020-19384 · Aruba · Clearpass Policy Manager

Published

2020-06-03

Updated

2020-06-04

CVE-2020-7117

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Aruba ClearPass Policy Manager versions prior to 6.7.13-HF Aruba ClearPass Policy Manager versions prior to 6.8.5-HF Aruba ClearPass Policy Manager versions prior to 6.8.6 Aruba ClearPass Policy Manager versions prior to 6.9.1

Description The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution issue. When an attacker is already authenticated to the administrative interface, they could exploit the system, leading to remote command execution in the underlying operating system.

Recommendations For versions prior to 6.7.13-HF, update to 6.7.13-HF or higher. For versions prior to 6.8.5-HF, update to 6.8.5-HF or higher. For versions prior to 6.8.6, update to 6.8.6 or higher. For versions prior to 6.9.1, update to 6.9.1 or higher.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-7117

Affected Products

Clearpass Policy Manager

PT-2020-19384 · Aruba · Clearpass Policy Manager

CVE-2020-7117

Related Identifiers

Affected Products

References · 3