CVE-2013-2269
N/A
N/A
Summary
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.arubanetworks.com/support/alerts/aid-050813.asc
- http://www.securityfocus.com/bid/59805
- http://secunia.com/advisories/53358
References
- http://www.arubanetworks.com/support/alerts/aid-050813.asc
- http://www.securityfocus.com/bid/59805
- http://secunia.com/advisories/53358
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.