CVE-2020-7115
N/A
N/A
Summary
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | ClearPass Policy Manager | ClearPass 6.9.x prior to 6.9.1 ClearPass 6.8.x prior to 6.8.5-HF ClearPass 6.7.x prior to 6.7.13-HF | affected |
Weaknesses
- Unauthenticated Remote Command Execution in the Web Interface
ADP Enrichment
CVE Program Container
Additional References
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt
- http://packetstormsecurity.com/files/158368/ClearPass-Policy-Manager-Unauthenticated-Remote-Command-Execution.html
References
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt
- http://packetstormsecurity.com/files/158368/ClearPass-Policy-Manager-Unauthenticated-Remote-Command-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.