Vulnerability CVE-2018-7079

Vulnerability CVE-2018-7079

Published: 2018-12-07

Description:

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

Type:

CWE-863

(Incorrect Authorization)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Arubanetworks -> Clearpass policy manager

References:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt

Copyright 2024, cxsecurity.com