CVE-2013-2269Clearpass vulnerability

CWE-2643 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 36.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ClearpassArubanetworks Clearpass Guest
Timeline
PublishedOct 1
Latest updateMay 17

Description

The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDarubanetworks/clearpass5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-3q4p-jjr2-84r3: The Sponsorship Confirmation functionality in Aruba Networks ClearPass 52022-05-17
CVEList
CVE-2013-2269: The Sponsorship Confirmation functionality in Aruba Networks ClearPass 52013-10-01
CVE-2013-2269 — Arubanetworks Clearpass vulnerability | cvebase