end users are advised to upgrade their Aruba ClearPass Policy Manager software to the latest version to address these issues. Vulnerability details CVE-2019-1932 The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.
The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host. CVE-2019-1933 The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host. CVE-2019-1934 The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host. CVE-2019-1935 The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host

ClearPass Policy Manager Limitations

ClearPass Policy Manager does not check for custom scripts, which can allow attackers to execute arbitrary code on the underlying host.
ClearPass Policy Manager does not check for custom scripts, which can allow attackers to execute arbitrary code on the underlying host.

ClearPass Policy Manager and the ClearPass API

The ClearPass Policy Manager software provides an API that is accessible from a web-based interface. The API allows users to create policy rules that can be applied to network users or devices. The API also supports the creation of new policies, which are then available through the web-based interface.
The ClearPass Policy Manager software provides an API that is accessible from a web-based interface. The API allows users to create policy rules that can be applied to network users or devices. The API also supports the creation of new policies, which are then available through the web-based interface. CVE-2019-1936 The ClearPass Policy Manager software does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.The ClearPass Policy Manager software does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.

CVE-2019-1936 The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.

CVE-2019-1937 The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.
CVE-2019-1938 The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.
CVE-2019-1939 The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.

ClearPass Policy Manager and Software Description

Aruba ClearPass Policy Manager provides a unified network security management platform for wired and wireless networks. It enables organizations to centrally manage the policies, certificates, and devices on their network to protect their endpoints from malware and other unwanted content. The software uses a centralized policy engine that provides a consistent approach across all of Aruba’s products.
ClearPass Policy Manager is an enterprise-level product with features such as layer 7 networking filtering, centralized certificate management, encryption, and more. ClearPass Policy Manager is used by over 3 million users worldwide in large enterprises including banks and financial institutions, Fortune 500 companies, healthcare organizations, retailers, governments and many others.
ClearPass Policy Manager has been designed to provide flexible deployment options to meet the needs of any size organization. It can be deployed as an appliance or virtualized server with a choice of hardware configurations. It can also integrate with existing devices like managed switches or routers for enhanced scalability without requiring any new hardware purchases or upgrades.

Timeline

Published on: 09/20/2022 20:15:00 UTC
Last modified on: 09/21/2022 22:46:00 UTC

References