To update your Aruba ClearPass Policy Manager software, click here.
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.9 and below; 6.9.x: 6.9.13 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.
To update your Aruba ClearPass Policy Manager software, click here.
In addition to the security releases detailed above, we also recommend that customers review the following release notes for this month: Versions 6.10.10, 6.9.14, 6.9.15 and 6.8.18 of Aruba ClearPass Policy Manager contain improvements to the security of the product.
With the release of each Aruba ClearPass Policy Manager release, we advise customers to regularly review the release notes in order to stay up to date on the latest security improvements and enhancements to the product.
Summary of the vulnerabilities addressed in this release
The vulnerabilities addressed in this release were discovered by the Aruba Security Engineering team during a code review and are not unique to the ClearPass 4.0.x series of software releases.
Timeline
Published on: 09/20/2022 20:15:00 UTC
Last modified on: 09/21/2022 22:49:00 UTC