CVE-2020-7117

2020-06-0312:49:47

hpe

www.cve.org

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.7%

JSON

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

CNA Affected

[
  {
    "product": "ClearPass Policy Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ClearPass 6.9.x prior to 6.9.1 ClearPass 6.8.x prior to 6.8.5-HF ClearPass 6.7.x prior to 6.7.13-HF"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt