CVE-2020-7120

Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions prior to 6.9.5 Aruba ClearPass Policy Manager version 6.8.8-HF1 Aruba ClearPass Policy Manager version 6.7.14-HF1

Description: A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager. The vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account.

Recommendations: For versions prior to 6.9.5, update to version 6.9.5 or later. For version 6.8.8-HF1, update to a version that includes the necessary security fixes. For version 6.7.14-HF1, update to a version that includes the necessary security fixes. As a temporary workaround, consider restricting access to the ClearPass OnGuard module to minimize the risk of exploitation.