CVE-2023-43508

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 6.5

EPSS Низкий

Описание

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.

Ссылки

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия до 6.9.13 (исключая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия от 6.10.0 (включая) до 6.10.8 (исключая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*

Версия от 6.11.0 (включая) до 6.11.4 (включая)

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2:*:*:*:*:*:*

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00102

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-67w3-8vjj-xpmw

CVSS3: 6.3

github

больше 2 лет назад

EPSS

Процентиль: 28%

0.00102

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-863