Remote Access to Sensitive Information via ClearPass Policy Manager Web Interface
CVE-2024-26302

4.8MEDIUM

Key Information:

Vendor: HP
Status: Aruba Clearpass Policy Manager
Vendor: CVE Published:; 27 February 2024

Summary

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.

Affected Version(s)

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.12.x: 6.12.0

Aruba ClearPass Policy Manager ClearPass Policy Manager 6.11.x: 6.11.6 and below

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Feb 16, 2024

Credit

Aruba ClearPass Policy Manager engineering team