A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hpe
Published: 2018-12-07T21:00:00
Updated: 2018-12-07T20:57:01
Reserved: 2018-02-15T00:00:00
Link: CVE-2018-7067
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-07T21:29:01.280
Modified: 2019-02-05T19:31:09.167
Link: CVE-2018-7067
JSON object: View
Redhat Information
No data.
CWE