CVE-2018-7066

EPSS 1.84%
Published 07.12.2018 21:29:01
Last modified 21.11.2024 04:11:35
Source security-alert@hpe.com
Teams watchlist Login
Open Login

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Arubanetworks ≫ Clearpass Policy Manager Version < 6.6.10

Arubanetworks ≫ Clearpass Policy Manager Version >= 6.7.0 < 6.7.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.84%	0.813

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9	2.2	6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-7066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7066

EUVD