ID CVE-2020-7117
Summary The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. An attacker who is already authenticated to the administrative interface could exploit it, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
References
Vulnerable Configurations
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.0:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 04-06-2020 - 14:10)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
misc https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt
Last major update 04-06-2020 - 14:10
Published 03-06-2020 - 13:15
Last modified 04-06-2020 - 14:10