Lucene search

[email protected]NVD:CVE-2022-43540

HistoryJan 05, 2023 - 7:15 a.m.

CVE-2022-43540

2023-01-0507:15:14

[email protected]

web.nvd.nist.gov

clearpass onguard

macos

attacker

sensitive information

vulnerability

clearpass policy manager

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Affected configurations

Nvd

Node

arubanetworksclearpass_policy_managerRange6.9.0–6.9.12

arubanetworksclearpass_policy_managerRange6.10.0–6.10.7

AND

applemacosMatch-

VendorProductVersionCPE
arubanetworksclearpass_policy_manager*cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	clearpass_policy_manager	*	cpe:2.3:a:arubanetworks:clearpass_policy_manager::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txt

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-43540

prion1 cve1 cvelist1