On December 12, Fortinet reported on a heap-based buffer overflow...
Aruba has informed us about a new security advisory covering multiple vulnerabilities in Aruba ClearPass Policy Manager, which affects your ClearPass Policy Manager deployment.
These vulnerabilities affect ClearPass Policy Manager running the following patch versions unless specifically noted otherwise in the details section:
Versions of ClearPass Policy Manager that are end of life should be considered affected by these vulnerabilities unless otherwise indicated. Impacted customers should plan to migrate to a supported version. Versions that should be considered vulnerable and are not patched by this advisory include:
Updating ClearPass Policy Manager to a fixed release resolves all issues listed below. The two unauthenticated remote authentication bypasses (CVE-2021-37736 and CVE-2021-40997, both CVSS 9.8) warrant the most urgent attention, since they require no credentials to exploit.
Vulnerabilities in this advisory include:
| CVE | Description | CVSSv3 Overall Score | Severity |
| --- | --- | --- | --- |
| CVE-2021-37736 | Unauthenticated Exploitation of Encryption Endpoint Leading to Remote Authentication Bypass | 9.8 | Critical |
| CVE-2021-37737 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface Leading to Cluster Compromise | 8.8 | High |
| CVE-2021-37738 | Unauthenticated Information Disclosure in ClearPass Policy Manager Web-based Management Interface | 7.3 | High |
| CVE-2021-37739 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2 | High |
| CVE-2021-40986 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2 | High |
| CVE-2021-40987 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2 | High |
| CVE-2021-40988 | Authenticated Remote Path Traversal in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2 | High |
| CVE-2021-40989 | Local Privilege Escalation in ClearPass OnGuard | 7.0 | High |
| CVE-2021-40990 | Authenticated Information Disclosure in ClearPass Policy Manager Web-based Management Interface Exposing Cleartext Secrets | 6.8 | Medium |
| CVE-2021-40991 | Authenticated Information Disclosure in ClearPass Policy Manager Web-based Management Interface Leading to Escalation of Privileges | 6.7 | Medium |
| CVE-2021-40992 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Command Line Interface | 6.4 | Medium |
| CVE-2021-40993 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface | 6.4 | Medium |
| CVE-2021-40994 | Authenticated Remote Command Injection in ClearPass Policy Manager Command Line Interface | 6.4 | Medium |
| CVE-2021-40995 | Authenticated Remote Command Injection in ClearPass Policy Manager Command Line Interface | 6.4 | Medium |
| CVE-2021-40997 | Unauthenticated Information Disclosure Leading to Remote Authentication Bypass | 9.8 | Critical |
| CVE-2021-40998 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2 | High |
| CVE-2021-40999 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Full System Compromise | 7.2 | High |

Severity follows the standard CVSS v3 qualitative scale (9.0 to 10.0 Critical, 7.0 to 8.9 High, 4.0 to 6.9 Medium); the original listing marked every entry Critical regardless of score, which has been corrected here.
For more information, please visit: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt.
To update your ClearPass Policy Manager, please contact Yossi at [email protected].