HPE ClearPass Policy Manager Vulnerability Allows Remote Code Execution
CVE-2024-51771

8.8HIGH

Key Information:

Vendor: HP
Status: Clearpass Policy Manager
Vendor: CVE Published:; 3 December 2024

Summary

A vulnerability found in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager allows an authenticated remote attacker to execute arbitrary code. If successfully exploited, this weakness permits the threat actor to run unauthorized commands on the operating system, potentially leading to severe security breaches.

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 3, 2024