CVE-2024-53672

Summary

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking ClearPass Policy Manager6.12.0 <= 6.12.2affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking ClearPass Policy Manager6.11.0 <= 6.11.9affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References