Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-7115Missing Authentication for Critical Function in Clearpass Policy Manager

CWE-306Missing Authentication for Critical Function4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
60.7%
top 1.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Arubanetworks Clearpass Policy Manager
Timeline
PublishedJun 3
Latest updateMay 24

Description

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5arubanetworks/clearpass_policy_managerClearPass 6.9.x prior to 6.9.1 ClearPass 6.8.x prior to 6.8.5-HF ClearPass 6.7.x prior to 6.7.13-HF

🔴Vulnerability Details

2
GHSA
GHSA-9q8x-85pc-99r3: The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass2022-05-24
CVEList
CVE-2020-7115: The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass2020-06-03

💥Exploits & PoCs

1
Exploit-DB
Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution2020-07-10
CVE-2020-7115 — Clearpass Policy Manager vulnerability | cvebase