CVE-2018-7079
published 2018-12-07

CVE-2018-7079: Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules…

Priority: P3 40, high, 7.2 (CVSS 3.0)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.94% (56.5th percentile)

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | clearpass_policy_manager | < 6.6.10 | 6.6.10 |
| arubanetworks | clearpass_policy_manager | >= 6.7.0 < 6.7.6 | 6.7.6 |
| hewlett_packard_enterprise | aruba_clearpass_policy_manager | | |

CVSS provenance

nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P