Sensitive Information Disclosure in ClearPass OnGuard Ubuntu Agent
CVE-2023-25595

5.5MEDIUM

Key Information:

Vendor: HP
Status: Aruba ClearPass Policy Manager
Vendor: CVE Published:; 22 March 2023

Summary

A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.

Affected Version(s)

Aruba ClearPass Policy Manager 6.11.1 and below

Aruba ClearPass Policy Manager 6.10.8 and below

Aruba ClearPass Policy Manager 6.9.13 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2023
Vulnerability Reserved
Feb 7, 2023

Credit

the security team at Airowire Networks