Lucene search

HpeCVELIST:CVE-2022-43540

HistoryJan 03, 2023 - 8:08 p.m.

CVE-2022-43540

2023-01-0320:08:16

hpe

www.cve.org

clearpass onguard

macos

attacker

sensitive information

aruba clearpass

policy manager

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Aruba ClearPass Policy Manager",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "status": "affected",
        "version": "ClearPass Policy Manager 6.10.x: 6.10.7 and below, ClearPass Policy Manager 6.9.x: 6.9.12 and below"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txt

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-43540