Lucene search

[email protected]CVE-2023-25593

HistoryMar 22, 2023 - 6:15 a.m.

CVE-2023-25593

2023-03-2206:15:10

CWE-79

[email protected]

web.nvd.nist.gov

clearpass policy manager

web-based management interface

xss attack

remote attacker

nvd

cve-2023-25593

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

36.6%

JSON

Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.

Affected configurations

NVD

Node

arubanetworksclearpass_policy_managerRange6.9.0–6.9.13

arubanetworksclearpass_policy_managerRange6.10.0–6.10.8

arubanetworksclearpass_policy_managerMatch6.11.0

arubanetworksclearpass_policy_managerMatch6.11.1

CPENameOperatorVersion
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managerle6.9.13
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managerle6.10.8
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.11.0
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.11.1

CPE	Name	Operator	Version
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	le	6.9.13
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	le	6.10.8
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.11.0
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.11.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aruba ClearPass Policy Manager",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "6.11.1 and below"
      },
      {
        "status": "affected",
        "version": "6.10.8 and below"
      },
      {
        "status": "affected",
        "version": "6.9.13 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt