CVE-2023-25596

Summary

A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.11.1 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.10.8 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy Manager6.9.13 and belowaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References