Local Privilege Escalation in ClearPass OnGuard Linux Agent
CVE-2023-43506

7.8HIGH

Key Information:

Vendor: HP
Status: Aruba Clearpass Policy Manager
Vendor: CVE Published:; 25 October 2023

Summary

A vulnerability in the ClearPass OnGuard Linux agent enables attackers with local access to escalate their privileges. This flaw permits malicious users to run arbitrary code with root-level permissions, potentially compromising the entire Linux instance.

Affected Version(s)

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.11.x: 6.11.4 and below

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Sep 19, 2023

Credit

Luke Young (bugcrowd.com/bored_engineer)