CVE-2025-23060

Published: Feb 4, 2025Modified: Mar 28, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.

Affected (2)

Products: Arubanetworks: Clearpass Policy Manager

1 product

Clearpass Policy Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Clearpass Policy Manager	From 6.11.0 to 6.11.10
Arubanetworks Clearpass Policy Manager	From 6.12.0 to 6.12.4

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.