CVE-2022-23657 a ARUBA ClearPass Policy Manager remote authentication vulnerability was discovered

CVE-2022-23657 a ARUBA ClearPass Policy Manager remote authentication vulnerability was discovered

If you are using the versions listed above, you should apply the update as soon as possible. If you are using a different version, you should contact the vendor to update their version. The ClearPass Policy Manager remote authentication bypass vulnerability has been assigned CVE-2019-5736. In order to learn more about this issue and how it can affect you, read on. Aruba has released ClearPass Policy Manager version 6.10.4. This version fixes a remote authentication bypass vulnerability that was discovered in the software. If you are using a different version, you should update to the version listed above.

What is ClearPass Policy Manager?

ClearPass Policy Manager is a software that allows Aruba Networks to manage policy settings. It manages the configuration of policies for all supported Aruba wireless access points, wired and remote APs, as well as controllers. ClearPass Policy Manager is based on the earlier Airwave software called Airwave AP Manager.

How Does ClearPass Policy Manager Remote Authentication Bypass Vulnerability Work?

ClearPass Policy Manager is an application that provides access to the Aruba wireless LAN environment. This application allows for remote authentication via ClearPass Policy Manager.
The ClearPass Policy Manager remote authentication bypass vulnerability could occur if a user has the same password in deployments where the password is cached on the device or other external data sources, like Active Directory. If a user enters their password when they are authenticating to ClearPass Policy Manager via ClearPass Web App, they can authenticate without having to enter their password again on the device or other external data sources.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe