CVE-2022-43535

Name of the Vulnerable Software and Affected Versions Aruba ClearPass Policy Manager versions 6.10.x: 6.10.7 and below Aruba ClearPass Policy Manager versions 6.9.x: 6.9.12 and below

Description A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITYSYSTEM level privileges on the Windows instance.

Recommendations For Aruba ClearPass Policy Manager versions 6.10.x: 6.10.7 and below, update to a version above 6.10.7 to resolve the issue. For Aruba ClearPass Policy Manager versions 6.9.x: 6.9.12 and below, update to a version above 6.9.12 to resolve the issue. As a temporary workaround, consider restricting access to the ClearPass OnGuard Windows agent to minimize the risk of exploitation.