CVE-2018-7058Improper Authentication in HP Aruba Clearpass Policy Manager

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HP Aruba Clearpass Policy ManagerHewlett Packard Enterprise Aruba Clearpass
Timeline
PublishedAug 6
Latest updateMay 14

Description

Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5hewlett_packard_enterprise/aruba_clearpass6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1

🔴Vulnerability Details

2
GHSA
GHSA-269j-j2cg-h6qp: Aruba ClearPass, all versions of 62022-05-14
CVEList
CVE-2018-7058: Aruba ClearPass, all versions of 62018-08-06
CVE-2018-7058 — Improper Authentication in HP | cvebase