CVE-2021-26677Improper Privilege Management in Clearpass Policy Manager

CWE-269Improper Privilege Management6 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 87.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks Clearpass Policy ManagerHewlett Packard Enterprise Aruba Clearpass Policy Manager
Timeline
PublishedFeb 23
Latest updateOct 10

Description

A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5hewlett_packard_enterprise/aruba_clearpass_policy_managerPrior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1

🔴Vulnerability Details

5
OSV
linux-raspi-5.4 vulnerabilities2024-10-10
OSV
linux-raspi vulnerabilities2024-10-01
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.2024-09-18
GHSA
GHSA-xx4w-vp73-2842: A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 62022-05-24
CVEList
CVE-2021-26677: A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 62021-02-23
CVE-2021-26677 — Improper Privilege Management | cvebase