
ClearPass Vulnerability Alert

Aruba has informed us about a new security advisory for multiple vulnerabilities affecting your Aruba ClearPass Policy Manager license.

These vulnerabilities affect ClearPass Policy Manager running the following patch versions unless specifically noted otherwise in the details section:

  • ClearPass Policy Manager 6.10.x prior to 6.10.2
  • ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1
  • ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1

Versions of ClearPass Policy Manager that are end of life should be considered to be affected by these vulnerabilities unless otherwise indicated. Impacted customers should plan to migrate to a supported version. Versions that should be considered to be vulnerable and not patched by this advisory include:

  • ClearPass Policy Manager 6.7.x and earlier

Updating ClearPass Policy Manager will resolve all issues.
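As an added example (not code from Aruba or QMasters), the following Python script turns the affected-version ranges listed above into a check that can be run against a fleet inventory. It assumes ClearPass version strings of the form major.minor.patch with an optional "-HFn" hotfix suffix, and treats a hotfix build as ordering after the plain release it patches (6.9.7 is affected, 6.9.7-HF1 is fixed); that ordering is an assumption made here. The inventory at the bottom is constructed sample data.

```python
"""Classify ClearPass Policy Manager versions against ARUBA-PSA-2021-018.

Example added to this notice; not Aruba's or QMasters' own tooling.
Fixed-build thresholds come from the advisory text above.
"""
import re

# First fixed build per supported release train, as stated in the advisory:
# 6.10.2, 6.9.7-HF1 and 6.8.9-HF1. Tuples are (major, minor, patch, hotfix);
# a missing hotfix suffix is stored as 0 (assumption: HF builds sort after
# the plain release they patch).
FIXED = {
    (6, 10): (6, 10, 2, 0),
    (6, 9): (6, 9, 7, 1),
    (6, 8): (6, 8, 9, 1),
}

# Assumed version-string shape: "6.9.7" or "6.9.7-HF1" (case-insensitive).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-HF(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, hotfix) for a ClearPass version string."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ClearPass version string: {text!r}")
    major, minor, patch, hf = m.groups()
    return (int(major), int(minor), int(patch), int(hf) if hf else 0)


def classify(text):
    """Map a version to one of: affected, fixed, end-of-life, not-covered."""
    v = parse_version(text)
    train = v[:2]
    if train in FIXED:
        return "affected" if v < FIXED[train] else "fixed"
    if train < (6, 8):
        # 6.7.x and earlier: end of life, affected, no patch in this advisory.
        return "end-of-life"
    # Release trains the advisory does not name are outside its scope.
    return "not-covered"


def is_affected(text):
    """True when the advisory says the build needs migrating or patching."""
    return classify(text) in ("affected", "end-of-life")


# Constructed sample inventory: hostname -> reported ClearPass version.
CONSTRUCTED_INVENTORY = {
    "cppm-dc1": "6.10.1",
    "cppm-dc2": "6.10.2",
    "cppm-branch": "6.9.7",
    "cppm-branch-2": "6.9.7-HF1",
    "cppm-lab": "6.7.13",
}


def affected_hosts(inventory):
    """Sorted hostnames whose version is affected by the advisory."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    for host, ver in CONSTRUCTED_INVENTORY.items():
        print(f"{host:14s} {ver:10s} {classify(ver)}")
    print("needs action:", ", ".join(affected_hosts(CONSTRUCTED_INVENTORY)))
```

The hotfix edge case is the one most often missed in a quick grep of version banners: a host reporting 6.9.7 is still exposed, while 6.9.7-HF1 is not, so the comparison has to treat the suffix as part of the ordering rather than discarding it.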

Vulnerabilities in this advisory include:

CVE            | Description                                                                                                                   | CVSSv3 Overall Score | Severity
---------------|-------------------------------------------------------------------------------------------------------------------------------|----------------------|---------
CVE-2021-37736 | Unauthenticated Exploitation of Encryption Endpoint Leading to Remote Authentication Bypass                                   | 9.8                  | Critical
CVE-2021-37737 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface Leading to Cluster Compromise | 8.8             | Critical
CVE-2021-37738 | Unauthenticated Information Disclosure in ClearPass Policy Manager Web-based Management Interface                              | 7.3                  | Critical
CVE-2021-37739 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2             | Critical
CVE-2021-40986 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2             | Critical
CVE-2021-40987 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2             | Critical
CVE-2021-40988 | Authenticated Remote Path Traversal in ClearPass Policy Manager Web-Based Management Interface Leading to Full System           | 7.2                  | Critical
CVE-2021-40989 | Local Privilege Escalation in ClearPass OnGuard                                                                                | 7                    | Critical
CVE-2021-40990 | Authenticated Information Disclosure in ClearPass Policy Manager Web-based Management Interface Exposing Cleartext Secrets      | 6.8                  | Critical
CVE-2021-40991 | Authenticated Information Disclosure in ClearPass Policy Manager Web-based Management Interface Leading to Escalation of Privileges | 6.7             | Critical
CVE-2021-40992 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Command Line Interface                                   | 6.4                  | Critical
CVE-2021-40993 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface                           | 6.4                  | Critical
CVE-2021-40994 | Authenticated Remote Command Injection in ClearPass Policy Manager Command Line Interface                                      | 6.4                  | Critical
CVE-2021-40995 | Authenticated Remote Command Injection in ClearPass Policy Manager Command Line Interface                                      | 6.4                  | Critical
CVE-2021-40997 | Unauthenticated Information Disclosure Leading to Remote Authentication Bypass                                                | 9.8                  | Critical
CVE-2021-40998 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2             | Critical
CVE-2021-40999 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2             | Critical

For more information, please visit: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt.

To update your ClearPass Policy Manager, please contact Yossi at [email protected].

About QMasters

QMasters was founded in 2015 to help Israeli governmental, military, niche security, and municipality offices protect themselves from cyber-attacks. As the cyber security threats grow year after year, so does our list of customers. We are a team of 30+ security experts committed to solving security challenges with the right combination of strategies and technologies.
