In certain cases, an attacker could exploit these vulnerabilities to cause a denial-of-service condition against the Aruba ClearPass Policy Manager cluster. An attacker could also exploit these vulnerabilities to obtain and modify sensitive information in the underlying database, potentially leading to complete compromise of the Aruba ClearPass Policy Manager cluster. ClearPass Policy Manager version(s): 9.2.x: 9.2.10 and below; 9.3.x: 9.3.7 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

ClearPass Policy Manager Denial of Service Vulnerability

In certain cases, an attacker could exploit these vulnerabilities to cause a denial-of-service condition against the Aruba ClearPass Policy Manager cluster. An attacker could also exploit these vulnerabilities to obtain and modify sensitive information in the underlying database, potentially leading to complete compromise of the Aruba ClearPass Policy Manager cluster. ClearPass Policy Manager version(s): 9.2.x: 9.2.10 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

Vulnerability Scoring

CVE-2022-23696: Medium Severity
ClearPass Policy Manager 9.2.x: Low Severity
Aruba ClearPass Policy Manager 9.1.x, 9.2.x, 9.3.x: High Severity

Vulnerability Scenario

A ClearPass Policy Manager instance is a separate component of Aruba's ClearPass Identity Services platform and is not exposed to the internet. This component does not contain any sensitive information. The vulnerabilities described in CVE-2022-23696 are present in the Aruba ClearPass Policy Manager component only, which is exposed to the internet. These vulnerabilities allow an attacker to cause a denial-of-service condition against the Aruba ClearPass Policy Manager instance.

The timeline for updates is as follows:
Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. ClearPass Policy Manager version(s): 9.3.x: 9.3.7 and below.


Timeline

Published on: 09/20/2022 21:15:00 UTC
Last modified on: 09/21/2022 19:40:00 UTC
