CVE-2021-26681

2021-02-2317:13:04

hpe

www.cve.org

aruba clearpass policy manager

command injection

remote authentication

EPSS

0.001

Percentile

48.7%

JSON

A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

CNA Affected

[
  {
    "product": "Aruba ClearPass Policy Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt

EPSS

0.001

Percentile

48.7%

JSON

Related for CVELIST:CVE-2021-26681