CVE-2023-25594

Summary

A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.11.1 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.10.8 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.9.13 and belowaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References