exploitDog

CVE-2018-7058

Опубликовано: 06 авг. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.

Ссылки

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt
Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hp:aruba_clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия от 6.6.0 (включая) до 6.6.9 (исключая)

EPSS

Процентиль: 75%

0.00917

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-269j-j2cg-h6qp

CVSS3: 9.8

github

больше 3 лет назад

Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.

EPSS

Процентиль: 75%

0.00917

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287