PT-2023-14244 · Aruba · Aruba Clearpass Policy Manager+1
Published
2023-01-03
·
Updated
2023-01-11
·
CVE-2022-43533
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Aruba ClearPass Policy Manager versions 6.10.x: 6.10.7 and below
Aruba ClearPass Policy Manager versions 6.9.x: 6.9.12 and below
Description
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance.
Recommendations
For Aruba ClearPass Policy Manager versions 6.10.x: 6.10.7 and below, update to a version above 6.10.7 to resolve the issue.
For Aruba ClearPass Policy Manager versions 6.9.x: 6.9.12 and below, update to a version above 6.9.12 to resolve the issue.
As a temporary workaround, consider restricting access to the ClearPass OnGuard macOS agent until a patch is available.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aruba Clearpass Policy Manager
Clearpass Onguard