Lucene search

HpeCVE-2021-40994

HistoryOct 15, 2021 - 3:15 p.m.

CVE-2021-40994

2021-10-1515:15:09

CWE-77

hpe

web.nvd.nist.gov

aruba

clearpass policy manager

cve-2021-40994

remote command execution

vulnerability

nvd

patch

security

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

40.0%

JSON

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Affected configurations

Nvd

Node

arubanetworksclearpass_policy_managerRange6.8.0–6.8.9

arubanetworksclearpass_policy_managerRange6.9.0–6.9.7

arubanetworksclearpass_policy_managerRange6.10.0–6.10.2

arubanetworksclearpass_policy_managerMatch6.8.9-

arubanetworksclearpass_policy_managerMatch6.9.7-

VendorProductVersionCPE
arubanetworksclearpass_policy_manager*cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
arubanetworksclearpass_policy_manager6.8.9cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.9:-:*:*:*:*:*:*
arubanetworksclearpass_policy_manager6.9.7cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.7:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	clearpass_policy_manager	*	cpe:2.3:a:arubanetworks:clearpass_policy_manager::::::::
arubanetworks	clearpass_policy_manager	6.8.9	cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.9:-::::::
arubanetworks	clearpass_policy_manager	6.9.7	cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.7:-::::::

CNA Affected

[
  {
    "product": "Aruba ClearPass Policy Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

40.0%

JSON

Related for CVE-2021-40994