CVE-2024-26301

Summary

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy ManagerClearPass Policy Manager 6.12.x: 6.12.0affected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy ManagerClearPass Policy Manager 6.11.x: 6.11.6 and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy ManagerClearPass Policy Manager 6.10.x: ClearPass 6.10.8 Hotfix Q4 2023 for Security issues and belowaffected
Hewlett Packard Enterprise (HPE)Aruba ClearPass Policy ManagerClearPass Policy Manager 6.9.x: ClearPass 6.9.13 Hotfix Q4 2023 for Security issues and belowaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References