Lucene search

[email protected]CVE-2023-25595

HistoryMar 22, 2023 - 6:15 a.m.

CVE-2023-25595

2023-03-2206:15:10

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2023-25595

clearpass

onguard

ubuntu

vulnerability

local access

sensitive information

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.

CPENameOperatorVersion
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managerle6.9.13
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.7
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.6
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.13
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.0
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.1
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.5
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.9
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.11
arubanetworks:clearpass_policy_managerarubanetworks clearpass policy managereq6.9.12

CPE	Name	Operator	Version
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	le	6.9.13
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.7
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.6
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.13
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.0
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.1
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.5
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.9
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.11
arubanetworks:clearpass_policy_manager	arubanetworks clearpass policy manager	eq	6.9.12

Rows per page:

1-10 of 191

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-25595

cvelist1 prion1