4 matches found
Aruba ClearPass Policy Manager tipsSimulationUpload command execution
Added: 08/13/2020 CVE: CVE-2020-7115 Background Aruba ClearPass is a network access control solution. Problem A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile paramete...
Aruba Networks ClearPass Policy Manager 6.7.x < 6.7.13-HF / 6.8.x < 6.8.5-HF / 6.9.x < 6.9.1 Multiple Vulnerabilities (ARUBA-PSA-2020-005)
The remote host is Aruba Networks HP Clearpass Policy Manager version 6.7.x prior to 6.7.13-HF, or 6.8.x prior to 6.8.5-HF, or 6.9.x 6.9.1. It is, therefore, vulnerable to multiple security vulnerabilities as described in the vendor advisory ARUBA-PSA-2020-005. C Tenable Network Security, Inc...
Command injection
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
CVE-2020-7115
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF...