CVE-2020-7111

Published: Apr 16, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.

Affected (2)

Products: Arubanetworks: Clearpass

Arubanetworks

1 product

Clearpass

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Clearpass	From 6.7.0 to 6.7.13
Arubanetworks Clearpass	From 6.8.0 to 6.8.4

Related CWEs

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.