CVE-2017-5826 - OpenCVE

An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hp	Aruba Clearpass Policy Manager

Configuration 1 [-]

cpe:2.3:a:hp:aruba_clearpass_policy_manager:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt	Third Party Advisory
http://www.securityfocus.com/bid/98722	Third Party Advisory VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2017-05-25T00:00:00

Updated: 2018-03-07T10:57:01

Reserved: 2017-02-01T00:00:00

Link: CVE-2017-5826

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-02-15T22:29:07.420

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-5826

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Aruba ClearPass Policy Manager", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "affected", "version": "6.6.x"}]}], "datePublic": "2017-05-25T00:00:00", "descriptions": [{"lang": "en", "value": "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."}], "problemTypes": [{"descriptions": [{"description": "authenticated remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-07T10:57:01", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"}, {"name": "98722", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98722"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "DATE_PUBLIC": "2017-05-25T00:00:00", "ID": "CVE-2017-5826", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Aruba ClearPass Policy Manager", "version": {"version_data": [{"version_value": "6.6.x"}]}}]}, "vendor_name": "Hewlett Packard Enterprise"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "authenticated remote code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"}, {"name": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"}, {"name": "98722", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98722"}]}}}}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2017-5826", "datePublished": "2017-05-25T00:00:00", "dateReserved": "2017-02-01T00:00:00", "dateUpdated": "2018-03-07T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:aruba_clearpass_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "031F5F6F-E10F-4CB9-8489-F7D20902F398", "versionEndExcluding": "6.6.5", "versionStartIncluding": "6.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authenticated remote code execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada en HPE Aruba ClearPass Policy Manager 6.6.x."}], "id": "CVE-2017-5826", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-15T22:29:07.420", "references": [{"source": "security-alert@hpe.com", "tags": ["Third Party Advisory"], "url": "http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt"}, {"source": "security-alert@hpe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98722"}, {"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}