Remote Code Execution Vulnerability in ClearPass Policy Manager Could Lead to Complete System Compromise
CVE-2024-26295

7.2HIGH

Key Information:

Vendor: HP
Status: Aruba Clearpass Policy Manager
Vendor: CVE Published:; 27 February 2024

Summary

The ClearPass Policy Manager by Aruba Networks is susceptible to vulnerabilities within its web-based management interface. This flaw allows remote authenticated users the ability to execute arbitrary commands on the underlying host system. If successfully exploited, this vulnerability can lead to complete system compromise as an attacker gains root-level access to the operating system. Organizations using affected versions should assess their security measures and apply any necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.12.x: 6.12.0

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.11.x: 6.11.6 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Feb 16, 2024

Credit

Daniel Jensen (@dozernz)