Vulnerability CVE-2014-2593
Published: 2014-08-29

Description:
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Arubanetworks -> Clearpass policy manager 

 References:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593
http://xforce.iss.net/xforce/xfdb/95491
http://www.securityfocus.com/bid/69391
http://www.arubanetworks.com/support/alerts/aid-050214.asc
http://osvdb.org/show/osvdb/109662
Copyright 2024, cxsecurity.com

 

Back to Top