Remote Access to Sensitive Information via ClearPass Policy Manager Web Interface
CVE-2024-26301

6.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: Aruba Clearpass Policy Manager
Vendor: CVE Published:; 27 February 2024

What is CVE-2024-26301?

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.

Affected Version(s)

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.12.x: 6.12.0

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.11.x: 6.11.6 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Feb 16, 2024

Credit

Niels De Carpentier