CVE-2023-43508

Summary

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy ManagerClearPass Policy Manager 6.11.x: 6.11.4 and below <= <=6.11.4affected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy ManagerClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy ManagerClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and belowaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References