In certain cases, an attacker could exploit these vulnerabilities to cause a denial-of-service condition against the Aruba ClearPass Policy Manager instance or cluster. An attacker could also exploit these vulnerabilities to obtain and modify sensitive information in the underlying database, potentially leading to complete compromise of the ClearPass Policy Manager instance or cluster.

Affected ClearPass Policy Manager versions are 9.2.x (9.2.10 and below) and 9.3.x (9.3.7 and below). Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

ClearPass Policy Manager - What is it?

ClearPass Policy Manager is a service that helps enterprises manage wireless devices and applications for their businesses. ClearPass Policy Manager provides enterprise-grade policies, portals, and mobile management capabilities for companies to use in the enterprise. It is designed to provide flexible security and bring peace of mind while you stay productive. ClearPass Policy Manager stores passwords, certificates, and other sensitive information in a protection-oriented database backend that can be tailored to meet your needs.

ClearPass Policy Manager Collection SQL Injection Vulnerabilities

ClearPass Policy Manager is a collection of tools designed to manage different aspects of a network. ClearPass Policy Manager has two components: the web application component and the database component. The vulnerability that Aruba discovered in these components allows attackers to use SQL injection to obtain sensitive information from the underlying database, potentially leading to complete compromise of the ClearPass Policy Manager instance.

The ClearPass Policy Manager collection 9.2.x versions are vulnerable to CVE-2022-23694 and 9.3.x versions are vulnerable to CVE-2022-23693.

Summary

In certain cases, an attacker could exploit these vulnerabilities to cause a denial-of-service condition against the Aruba ClearPass Policy Manager cluster.

Timeline

Published on: 09/20/2022 21:15:00 UTC
Last modified on: 09/21/2022 19:47:00 UTC

References