Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:6A4A7478-6280-48E9-9D27-AD2F1BD89DF4
HistoryJun 03, 2020 - 12:00 a.m.

CVE-2020-7115

2020-06-0300:00:00
attackerkb.com
12

0.948 High

EPSS

Percentile

99.3%

JSON

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

Recent assessments:

wvu-r7 at September 23, 2020 5:26pm UTC reported:

> Aruba’s ClearPass Policy Manager, part of the Aruba 360 Secure Fabric, provides role- and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors and guests across any multivendor wired, wireless and VPN infrastructure.

<https://www.arubanetworks.com/assets/ds/DS_ClearPass_PolicyManager.pdf&gt;

Unauthed RCE in NAC software. Not sure how common this one is, but it’s name-brand software, so expect to see it on enterprise networks. High-impact target if compromised, since NAC is tightly integrated with the network.

Detailed writeup here.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

Related

packetstorm 1
cve 1
checkpoint_advisories 1
prion 1
githubexploit 1
cvelist 1
saint 3
zdt 2
nvd 1
exploitdb 1
nessus 1
packetstorm
packetstorm
ClearPass Policy Manager Unauthenticated Remote Command Execution
2020-07-08 00:00:00
cve
cve
CVE-2020-7115
2020-06-03 13:15:11
checkpoint_advisories
checkpoint_advisories
Aruba Networks ClearPass Policy Manager Remote Code Execution (CVE-2020-7115)
2021-05-23 00:00:00
prion
prion
Authentication flaw
2020-06-03 13:15:00
githubexploit
githubexploit
Exploit for Missing Authentication for Critical Function in Arubanetworks Clearpass Policy Manager
2021-06-30 22:56:07
cvelist
cvelist
CVE-2020-7115
2020-06-03 12:43:13
saint
saint
Aruba ClearPass Policy Manager tipsSimulationUpload command execution
2020-08-13 00:00:00
Aruba ClearPass Policy Manager tipsSimulationUpload command execution
2020-08-13 00:00:00
Aruba ClearPass Policy Manager tipsSimulationUpload command execution
2020-08-13 00:00:00
zdt
zdt
ClearPass Policy Manager Unauthenticated Remote Command Execution Exploit
2020-07-08 00:00:00
Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution Exploit
2020-07-10 00:00:00
nvd
nvd
CVE-2020-7115
2020-06-03 13:15:11
exploitdb
exploitdb
Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution
2020-07-10 00:00:00
nessus
nessus
Aruba Networks ClearPass Policy Manager 6.7.x < 6.7.13-HF / 6.8.x < 6.8.5-HF / 6.9.x < 6.9.1 Multiple Vulnerabilities (ARUBA-PSA-2020-005)
2020-07-17 00:00:00

0.948 High

EPSS

Percentile

99.3%

JSON
Related for AKB:6A4A7478-6280-48E9-9D27-AD2F1BD89DF4
packetstorm1cve1checkpoint_advisories1prion1githubexploit1cvelist1saint3zdt2nvd1exploitdb1nessus1