CVE-2018-7079
Published 2018-12-07
Priority: P3 | 40 | high | 7.2 (CVSS 3.0)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.94% (56.5th percentile)
Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | clearpass_policy_manager | < 6.6.10 | 6.6.10 |
| arubanetworks | clearpass_policy_manager | >= 6.7.0 < 6.7.6 | 6.7.6 |
| hewlett_packard_enterprise | aruba_clearpass_policy_manager | — | — |
CVSS provenance
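| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |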
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-12-07