7.8

CVE-2023-43506

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.

Data is provided by the National Vulnerability Database (NVD)
ArubanetworksClearpass Policy Manager Version < 6.9.13
   LinuxLinux Kernel Version-
ArubanetworksClearpass Policy Manager Version >= 6.10.0 < 6.10.8
   LinuxLinux Kernel Version-
ArubanetworksClearpass Policy Manager Version >= 6.11.0 <= 6.11.4
   LinuxLinux Kernel Version-
ArubanetworksClearpass Policy Manager Version6.9.13 Update-
   LinuxLinux Kernel Version-
ArubanetworksClearpass Policy Manager Version6.9.13 Updatecumulative_hotfix_patch_2
   LinuxLinux Kernel Version-
ArubanetworksClearpass Policy Manager Version6.9.13 Updatecumulative_hotfix_patch_3
   LinuxLinux Kernel Version-
ArubanetworksClearpass Policy Manager Version6.10.8 Update-
   LinuxLinux Kernel Version-
ArubanetworksClearpass Policy Manager Version6.10.8 Updatecumulative_hotfix_patch_2
   LinuxLinux Kernel Version-
ArubanetworksClearpass Policy Manager Version6.10.8 Updatecumulative_hotfix_patch_5
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.12% 0.314
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-alert@hpe.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.