CVE-2020-7117

EPSS 1.94%
Published 03.06.2020 13:15:11
Last modified 21.11.2024 05:36:39
Source security-alert@hpe.com
Teams watchlist Login
Open Login

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Arubanetworks ≫ Clearpass Policy Manager Version >= 6.7.0 <= 6.7.13

Arubanetworks ≫ Clearpass Policy Manager Version >= 6.8.0 < 6.8.6

Arubanetworks ≫ Clearpass Policy Manager Version >= 6.9.0 < 6.9.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.94%	0.827

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7117

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7117

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7117

EUVD