CVE-2023-25590

Summary

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.11.1 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.10.8 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.9.13 and belowaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References