| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2026-23599 | 17 Feb 202623:04 | – | attackerkb | |
| The vulnerability of the OnGuard component of the software platform for managing network access policies in HPE Aruba Networking ClearPass Policy Manager allows a malicious actor to increase their privileges. | 19 Mar 202600:00 | – | bdu_fstec | |
| CVE-2026-23599 | 18 Feb 202600:16 | – | circl | |
| HPE Aruba Networking ClearPass OnGuard Software 安全漏洞 | 18 Feb 202600:00 | – | cnnvd | |
| CVE-2026-23599 | 17 Feb 202623:04 | – | cve | |
| CVE-2026-23599 Local Privilege Escalation Vulnerability in HPE Aruba Networking Clear Pass Policy Manager OnGuard for Linux | 17 Feb 202623:04 | – | cvelist | |
| CVE-2026-23599 | 18 Feb 202600:16 | – | nvd | |
| PT-2026-20310 | 17 Feb 202600:00 | – | ptsecurity | |
| CVE-2026-23599 | 19 Feb 202601:27 | – | redhatcve | |
| CVE-2026-23599 Local Privilege Escalation Vulnerability in HPE Aruba Networking Clear Pass Policy Manager OnGuard for Linux | 17 Feb 202623:04 | – | vulnrichment |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(299675);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/23");
script_cve_id("CVE-2026-23599");
script_xref(name:"IAVA", value:"2026-A-0163");
script_name(english:"Aruba ClearPass Policy Manager 6.11.x < 6.11.13 / 6.12.x < 6.12.7 Local Privilege Escalation (CVE-2026-23599)");
script_set_attribute(attribute:"synopsis", value:
"The remote application is affected by a local privilege escalation vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Aruba ClearPass Policy Manager installed on the remote host is prior to 6.11.13 or 6.12.7. It is, therefore,
affected by a local privilege escalation vulnerability as referenced in the HPESBNW05012 advisory.
- A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard
Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve
arbitrary code execution with root privileges. (CVE-2026-23599)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05012en_us
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03933f39");
script_set_attribute(attribute:"solution", value:
"Upgrade to version 6.11.13 / 6.12.7 or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-23599");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/02/17");
script_set_attribute(attribute:"patch_publication_date", value:"2026/02/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:arubanetworks:clearpass");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("aruba_clearpass_polman_detect.nbin");
script_require_keys("Host/Aruba_Clearpass_Policy_Manager/version");
exit(0);
}
include('vcf.inc');
var app = 'Aruba ClearPass Policy Manager';
var app_info = vcf::get_app_info(app:app, kb_ver:'Host/Aruba_Clearpass_Policy_Manager/version');
constraints = [
{ 'min_version' : '6.11.0', 'fixed_version' : '6.11.13' },
{ 'min_version' : '6.12.0', 'fixed_version' : '6.12.7' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation