CVE-2017-9001HP Aruba Clearpass Policy Manager vulnerability

3 documents3 sources
Severity
8.1HIGHNVD
EPSS
2.2%
top 15.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HP Aruba Clearpass Policy ManagerHewlett Packard Enterprise Aruba Clearpass
Timeline
PublishedAug 6
Latest updateMay 13

Description

Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not en

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5hewlett_packard_enterprise/aruba_clearpassAll versions prior to 6.6.8

🔴Vulnerability Details

2
GHSA
GHSA-5p2w-v6gp-wgcx: Aruba ClearPass 62022-05-13
CVEList
CVE-2017-9001: Aruba ClearPass 62018-08-06
CVE-2017-9001 — HP vulnerability | cvebase