Description
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
Affected Software
{"id": "CVE-2021-34616", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-34616", "description": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.", "published": "2021-07-08T21:15:00", "modified": "2022-06-28T14:11:00", "epss": [{"cve": "CVE-2021-34616", "epss": 0.00095, "percentile": 0.38947, "modified": "2023-05-23"}], "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34616", "reporter": "security-alert@hpe.com", "references": ["https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt"], "cvelist": ["CVE-2021-34616"], "immutableFields": [], "lastseen": "2023-05-23T15:30:56", "viewCount": 26, "enchantments": {"dependencies": {}, "score": {"value": 5.2, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-07-10T07:47:28", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1414630832824848384", "text": " NEW: CVE-2021-34616 A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Poli... (click for more) Severity: MEDIUM https://t.co/piHNoIJy7i?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1414630832824848384", "text": " NEW: CVE-2021-34616 A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Poli... (click for more) Severity: MEDIUM https://t.co/piHNoIJy7i?amp=1"}]}, "backreferences": {}, "exploitation": null, "affected_software": {"major_version": [{"name": "arubanetworks clearpass policy manager", "version": 6}, {"name": "arubanetworks clearpass policy manager", "version": 6}, {"name": "arubanetworks clearpass policy manager", "version": 6}, {"name": "arubanetworks clearpass policy manager", "version": 6}]}, "epss": [{"cve": "CVE-2021-34616", "epss": 0.00095, "percentile": 0.38842, "modified": "2023-05-07"}], "vulnersScore": 5.2}, "_state": {"dependencies": 1684860795, "score": 1684856002, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "81afac3248ba62a9cd6f4c7ffc7ff21f"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:arubanetworks:clearpass_policy_manager:6.6.10", "cpe:/a:arubanetworks:clearpass_policy_manager:6.7.14"], "cpe23": ["cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.14:*:*:*:*:*:*:*", "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.6.10:*:*:*:*:*:*:*"], "cwe": ["CWE-78"], "affectedSoftware": [{"cpeName": "arubanetworks:clearpass_policy_manager", "version": "6.9.6", "operator": "lt", "name": "arubanetworks clearpass policy manager"}, {"cpeName": "arubanetworks:clearpass_policy_manager", "version": "6.8.9", "operator": "lt", "name": "arubanetworks clearpass policy manager"}, {"cpeName": "arubanetworks:clearpass_policy_manager", "version": "6.7.14", "operator": "le", "name": "arubanetworks clearpass policy manager"}, {"cpeName": "arubanetworks:clearpass_policy_manager", "version": "6.6.10", "operator": "le", "name": "arubanetworks clearpass policy manager"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.6:*:*:*:*:*:*:*", "versionStartIncluding": "6.9.0", "versionEndExcluding": "6.9.6", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.9:*:*:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndExcluding": "6.8.9", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.14:*:*:*:*:*:*:*", "versionStartIncluding": "6.7.0", "versionEndIncluding": "6.7.14", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.6.10:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.0", "versionEndIncluding": "6.6.10", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Arubanetworks", "product": "Clearpass_policy_manager"}], "solutions": [], "workarounds": [], "impacts": [], "exploits": [], "problemTypes": []}
{}
CVE-2021-34616