CVE-2018-7060

Published: Aug 6, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.

Affected (2)

Products: Arubanetworks: Clearpass

Arubanetworks

1 product

Clearpass

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Clearpass	From 6.6.0 to 6.6.9
Arubanetworks Clearpass	From 6.7.0 to 6.7.1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.