CVE-2023-43508 Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface

🗓️ 24 Oct 2023 18:11:58Reported by hpeType

ClearPass Policy Manager Web-Based Management Interface Authorization Bypass CVE-2023-43508

Reporter	Title	Published	Views	Family All 9
CNNVD	Aruba Networks ClearPass Policy Manager Security Vulnerability	25 Oct 202300:00	–	cnnvd
CVE	CVE-2023-43508	24 Oct 202318:11	–	cve
EUVD	EUVD-2023-47914	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Aruba Networks Clearpass Policy Manager	26 Oct 202300:00	–	ncsc
NVD	CVE-2023-43508	25 Oct 202318:17	–	nvd
Prion	Authorization	25 Oct 202318:17	–	prion
Positive Technologies	PT-2023-28851 · Aruba Networks · Clearpass Policy Manager	24 Oct 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-43508	23 May 202505:26	–	redhatcve
Vulnrichment	CVE-2023-43508 Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface	24 Oct 202318:11	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Aruba ClearPass Policy Manager",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=6.11.4",
        "status": "affected",
        "version": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"
      },
      {
        "status": "affected",
        "version": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"
      }
    ]
  }
]

Source	Link
arubanetworks	www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt

24 Oct 2023 18:11Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.3

EPSS0.00102