Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0884
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Aruba ClearPass Policy Manager. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
- ClearPass Policy Manager versions 6.11.x antérieures à 6.11.5
- ClearPass Policy Manager versions 6.10.x antérieures à 6.10.8 Hotfix Q4 2023
- ClearPass Policy Manager versions 6.9.x antérieures à 6.9.13 Hotfix Q4 2023
L'éditeur précise que les versions antérieures ayant atteint leur date de fin de maintenance peuvent être affectées par ces vulnérabilités.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\n- ClearPass Policy Manager versions 6.11.x ant\u00e9rieures \u00e0 6.11.5\n- ClearPass Policy Manager versions 6.10.x ant\u00e9rieures \u00e0 6.10.8 Hotfix\n Q4 2023\n- ClearPass Policy Manager versions 6.9.x ant\u00e9rieures \u00e0 6.9.13 Hotfix\n Q4 2023\n\nL\u0027\u00e9diteur pr\u00e9cise que les versions ant\u00e9rieures ayant atteint leur date\nde fin de maintenance peuvent \u00eatre affect\u00e9es par ces vuln\u00e9rabilit\u00e9s.\n",
"cves": [
{
"name": "CVE-2023-43507",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43507"
},
{
"name": "CVE-2023-43508",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43508"
},
{
"name": "CVE-2023-43509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43509"
},
{
"name": "CVE-2023-43510",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43510"
},
{
"name": "CVE-2023-43506",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43506"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0884",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Aruba ClearPass\nPolicy Manager. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Aruba ClearPass Policy Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2023-016 du 24 octobre 2023",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
]
}
CVE-2023-43508 (GCVE-0-2023-43508)
Vulnerability from cvelistv5 – Published: 2023-10-24 18:11 – Updated: 2024-09-11 14:29
VLAI?
EPSS
Summary
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.
Severity ?
6.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba ClearPass Policy Manager |
Affected:
ClearPass Policy Manager 6.11.x: 6.11.4 and below , ≤ <=6.11.4
(semver)
Affected: ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below Affected: ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below |
Credits
Mateusz Dabrowski (dbrwsky)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:16:07.728074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T14:29:44.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba ClearPass Policy Manager",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=6.11.4",
"status": "affected",
"version": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",
"versionType": "semver"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mateusz Dabrowski (dbrwsky)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerabilities in the web-based management interface of\u0026nbsp;ClearPass Policy Manager allow an attacker with read-only\u0026nbsp;privileges to perform actions that change the state of the\u0026nbsp;ClearPass Policy Manager instance. Successful exploitation\u0026nbsp;of these vulnerabilities allow an attacker to complete\u0026nbsp;state-changing actions in the web-based management interface\u0026nbsp;that should not be allowed by their current level of\u0026nbsp;authorization on the platform."
}
],
"value": "Vulnerabilities in the web-based management interface of\u00a0ClearPass Policy Manager allow an attacker with read-only\u00a0privileges to perform actions that change the state of the\u00a0ClearPass Policy Manager instance. Successful exploitation\u00a0of these vulnerabilities allow an attacker to complete\u00a0state-changing actions in the web-based management interface\u00a0that should not be allowed by their current level of\u00a0authorization on the platform."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T18:11:58.092Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-43508",
"datePublished": "2023-10-24T18:11:58.092Z",
"dateReserved": "2023-09-19T14:41:06.499Z",
"dateUpdated": "2024-09-11T14:29:44.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43506 (GCVE-0-2023-43506)
Vulnerability from cvelistv5 – Published: 2023-10-24 18:08 – Updated: 2024-09-11 17:50
VLAI?
EPSS
Summary
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba ClearPass Policy Manager |
Affected:
ClearPass Policy Manager 6.11.x: 6.11.4 and below , ≤ <=6.11.4
(semver)
Affected: ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below Affected: ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below |
Credits
Luke Young (bugcrowd.com/bored_engineer)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:42.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hpe:aruba_clear_pass_policy_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_clear_pass_policy_manager",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "6.11.4",
"status": "affected",
"version": "6.11x",
"versionType": "custom"
},
{
"lessThan": "6.10.8",
"status": "affected",
"version": "6.10x",
"versionType": "custom"
},
{
"lessThan": "6.9.13",
"status": "affected",
"version": "6.9x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T17:47:31.798835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:50:00.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba ClearPass Policy Manager",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=6.11.4",
"status": "affected",
"version": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",
"versionType": "semver"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luke Young (bugcrowd.com/bored_engineer)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the ClearPass OnGuard Linux agent could\u0026nbsp;allow malicious users on a Linux instance to elevate their\u0026nbsp;user privileges to those of a higher role. A successful\u0026nbsp;exploit allows malicious users to execute arbitrary code\u0026nbsp;with root level privileges on the Linux instance."
}
],
"value": "A vulnerability in the ClearPass OnGuard Linux agent could\u00a0allow malicious users on a Linux instance to elevate their\u00a0user privileges to those of a higher role. A successful\u00a0exploit allows malicious users to execute arbitrary code\u00a0with root level privileges on the Linux instance."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T18:08:31.010Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation in ClearPass OnGuard Linux Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-43506",
"datePublished": "2023-10-24T18:08:31.010Z",
"dateReserved": "2023-09-19T14:41:06.498Z",
"dateUpdated": "2024-09-11T17:50:00.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43509 (GCVE-0-2023-43509)
Vulnerability from cvelistv5 – Published: 2023-10-24 18:13 – Updated: 2024-09-11 17:42
VLAI?
EPSS
Summary
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.
Severity ?
5.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba ClearPass Policy Manager |
Affected:
ClearPass Policy Manager 6.11.x: 6.11.4 and below , ≤ <=6.11.4
(semver)
Affected: ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below Affected: ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below |
Credits
Luke Young (bugcrowd.com/bored-engineer)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:42.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hpe:aruba_clear_pass_policy_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_clear_pass_policy_manager",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "6.11.4",
"status": "affected",
"version": "6.11x",
"versionType": "custom"
},
{
"lessThan": "6.10.8",
"status": "affected",
"version": "6.10x",
"versionType": "custom"
},
{
"lessThan": "6.9.13",
"status": "affected",
"version": "6.9x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T17:35:06.867846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:42:00.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba ClearPass Policy Manager",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=6.11.4",
"status": "affected",
"version": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",
"versionType": "semver"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luke Young (bugcrowd.com/bored-engineer)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the web-based management interface of\u0026nbsp;ClearPass Policy Manager could allow an unauthenticated\u0026nbsp;remote attacker to send notifications to computers that are\u0026nbsp;running ClearPass OnGuard. These notifications can then be\u0026nbsp;used to phish users or trick them into downloading malicious\u0026nbsp;software."
}
],
"value": "A vulnerability in the web-based management interface of\u00a0ClearPass Policy Manager could allow an unauthenticated\u00a0remote attacker to send notifications to computers that are\u00a0running ClearPass OnGuard. These notifications can then be\u00a0used to phish users or trick them into downloading malicious\u00a0software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T18:13:15.076Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Endpoint Allows Sending Arbitrary OnGuard Notifications",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-43509",
"datePublished": "2023-10-24T18:13:15.076Z",
"dateReserved": "2023-09-19T14:41:06.499Z",
"dateUpdated": "2024-09-11T17:42:00.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43507 (GCVE-0-2023-43507)
Vulnerability from cvelistv5 – Published: 2023-10-24 18:10 – Updated: 2024-09-11 17:46
VLAI?
EPSS
Summary
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba ClearPass Policy Manager |
Affected:
ClearPass Policy Manager 6.11.x: 6.11.4 and below , ≤ <=6.11.4
(semver)
Affected: ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below Affected: ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below |
Credits
Luke Young (bugcrowd.com/bored_engineer)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hpe:aruba_clear_pass_policy_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aruba_clear_pass_policy_manager",
"vendor": "hpe",
"versions": [
{
"lessThanOrEqual": "6.11.4",
"status": "affected",
"version": "6.11x",
"versionType": "custom"
},
{
"lessThan": "6.10.8",
"status": "affected",
"version": "6.10x",
"versionType": "custom"
},
{
"lessThan": "6.9.13",
"status": "affected",
"version": "6.9x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T17:43:03.604273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:46:38.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba ClearPass Policy Manager",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=6.11.4",
"status": "affected",
"version": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",
"versionType": "semver"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luke Young (bugcrowd.com/bored_engineer)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the web-based management interface of\u0026nbsp;ClearPass Policy Manager could allow an authenticated\u0026nbsp;remote attacker to conduct SQL injection attacks against\u0026nbsp;the ClearPass Policy Manager instance. An attacker could\u0026nbsp;exploit this vulnerability to obtain and modify sensitive\u0026nbsp;information in the underlying database potentially leading\u0026nbsp;to complete compromise of the ClearPass Policy Manager\u0026nbsp;cluster."
}
],
"value": "A vulnerability in the web-based management interface of\u00a0ClearPass Policy Manager could allow an authenticated\u00a0remote attacker to conduct SQL injection attacks against\u00a0the ClearPass Policy Manager instance. An attacker could\u00a0exploit this vulnerability to obtain and modify sensitive\u00a0information in the underlying database potentially leading\u00a0to complete compromise of the ClearPass Policy Manager\u00a0cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T18:10:06.158Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-43507",
"datePublished": "2023-10-24T18:10:06.158Z",
"dateReserved": "2023-09-19T14:41:06.499Z",
"dateUpdated": "2024-09-11T17:46:38.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43510 (GCVE-0-2023-43510)
Vulnerability from cvelistv5 – Published: 2023-10-24 18:14 – Updated: 2024-09-11 17:17
VLAI?
EPSS
Summary
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.
Severity ?
4.7 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | Aruba ClearPass Policy Manager |
Affected:
ClearPass Policy Manager 6.11.x: 6.11.4 and below , ≤ <=6.11.4
(semver)
Affected: ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below Affected: ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below |
Credits
Daniel Jensen (@dozernz)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:42.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T17:16:43.166442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:17:15.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aruba ClearPass Policy Manager",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=6.11.4",
"status": "affected",
"version": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",
"versionType": "semver"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"
},
{
"status": "affected",
"version": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Daniel Jensen (@dozernz)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the ClearPass Policy Manager web-based\u0026nbsp;management interface allows remote authenticated users to\u0026nbsp;run arbitrary commands on the underlying host. A successful\u0026nbsp;exploit could allow an attacker to execute arbitrary\u0026nbsp;commands as a non-privileged user on the underlying\u0026nbsp;operating system leading to partial system compromise."
}
],
"value": "A vulnerability in the ClearPass Policy Manager web-based\u00a0management interface allows remote authenticated users to\u00a0run arbitrary commands on the underlying host. A successful\u00a0exploit could allow an attacker to execute arbitrary\u00a0commands as a non-privileged user on the underlying\u00a0operating system leading to partial system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T18:14:37.992Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2023-43510",
"datePublished": "2023-10-24T18:14:37.992Z",
"dateReserved": "2023-09-19T14:41:06.499Z",
"dateUpdated": "2024-09-11T17:17:15.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…