CVE-2023-43508 - OpenCVE

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Arubanetworks	Clearpass Policy Manager

Configuration 1 [-]

OR	cpe:2.3:a:arubanetworks:clearpass_policy_manager::::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager::::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager::::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5::::::

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hpe

Published: 2023-10-24T18:11:58.092Z

Updated: 2023-10-24T18:11:58.092Z

Reserved: 2023-09-19T14:41:06.499Z

Link: CVE-2023-43508

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-25T18:17:31.990

Modified: 2023-11-01T16:21:53.443

Link: CVE-2023-43508

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-43508", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-09-19T14:41:06.499Z", "datePublished": "2023-10-24T18:11:58.092Z", "dateUpdated": "2023-10-24T18:11:58.092Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Aruba ClearPass Policy Manager", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"lessThanOrEqual": "<=6.11.4", "status": "affected", "version": "ClearPass Policy Manager 6.11.x: 6.11.4 and below", "versionType": "semver"}, {"status": "affected", "version": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"}, {"status": "affected", "version": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mateusz Dabrowski (dbrwsky)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform."}], "value": "Vulnerabilities in the web-based management interface of\u00a0ClearPass Policy Manager allow an attacker with read-only\u00a0privileges to perform actions that change the state of the\u00a0ClearPass Policy Manager instance. Successful exploitation\u00a0of these vulnerabilities allow an attacker to complete\u00a0state-changing actions in the web-based management interface\u00a0that should not be allowed by their current level of\u00a0authorization on the platform."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-10-24T18:11:58.092Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "124117E4-FE27-43AB-B5F5-B4EFCA767430", "versionEndExcluding": "6.9.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "84F5E56D-039C-47B0-827A-AFE34887DAD2", "versionEndExcluding": "6.10.8", "versionStartIncluding": "6.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "349AD8EE-ECFF-469B-80E6-0ABFDEF55A2C", "versionEndIncluding": "6.11.4", "versionStartIncluding": "6.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-:*:*:*:*:*:*", "matchCriteriaId": "57C5BF92-A455-44E4-AE20-F9A1D790422D", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2:*:*:*:*:*:*", "matchCriteriaId": "7962FD34-6A38-461A-8942-BCA227AF8AF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3:*:*:*:*:*:*", "matchCriteriaId": "435A3CE6-AB76-4F4F-B11F-71E0C7619A9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-:*:*:*:*:*:*", "matchCriteriaId": "1DB2448F-D014-4672-90A9-3BCC91096B93", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2:*:*:*:*:*:*", "matchCriteriaId": "80F47102-7F9F-449F-91A1-76372AA7F3D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5:*:*:*:*:*:*", "matchCriteriaId": "F85708F3-CA05-472A-9B51-373D1AD14E9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerabilities in the web-based management interface of\u00a0ClearPass Policy Manager allow an attacker with read-only\u00a0privileges to perform actions that change the state of the\u00a0ClearPass Policy Manager instance. Successful exploitation\u00a0of these vulnerabilities allow an attacker to complete\u00a0state-changing actions in the web-based management interface\u00a0that should not be allowed by their current level of\u00a0authorization on the platform."}, {"lang": "es", "value": "Las vulnerabilidades en la interfaz de administraci\u00f3n basada en web de ClearPass Policy Manager permiten que un atacante con privilegios de solo lectura realice acciones que cambien el estado de la instancia de ClearPass Policy Manager. La explotaci\u00f3n exitosa de estas vulnerabilidades permite a un atacante completar acciones de cambio del estado en la interfaz de administraci\u00f3n basada en web que no deber\u00edan estar permitidas por su nivel actual de autorizaci\u00f3n en la plataforma."}], "id": "CVE-2023-43508", "lastModified": "2023-11-01T16:21:53.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-alert@hpe.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:31.990", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}