CVE-2018-7079

Published: Dec 7, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

Affected (2)

Products: Arubanetworks: Clearpass Policy Manager

1 product

Clearpass Policy Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Clearpass Policy Manager	Before 6.6.10
Arubanetworks Clearpass Policy Manager	From 6.7.0 to 6.7.6

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.