Unauthenticated Arbitrary User Creation Leads to Complete System Compromise
CVE-2023-25589
9.8CRITICAL
What is CVE-2023-25589?
A vulnerability in the web-based management interface of ClearPass Policy Manager can be exploited by an unauthenticated remote attacker, enabling them to create arbitrary user accounts on the platform. This exploit permits attackers to gain unauthorized access and potentially compromise the entire cluster, raising significant security concerns for network integrity.
Affected Version(s)
Aruba ClearPass Policy Manager 6.11.1 and below
Aruba ClearPass Policy Manager 6.10.8 and below
Aruba ClearPass Policy Manager 6.9.13 and below