Remote Code Execution Vulnerability in ClearPass Policy Manager Could Lead to Complete System Compromise
CVE-2024-26298

7.2HIGH

Key Information:

Vendor: HP
Status: Aruba Clearpass Policy Manager
Vendor: CVE Published:; 27 February 2024

Summary

The ClearPass Policy Manager by Aruba Networks has a vulnerability in its web-based management interface that allows remote authenticated users to execute arbitrary commands on the underlying host. This exposure can lead to full system compromise as the attacker may execute commands with root privileges, potentially endangering sensitive data and operations. Organizations utilizing affected versions of ClearPass should apply security updates promptly to mitigate risks associated with this vulnerability.

Affected Version(s)

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.12.x: 6.12.0

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.11.x: 6.11.6 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Feb 16, 2024

Credit

Kajetan Rostojek (@kaje11)