end users are advised to upgrade their Aruba ClearPass Policy Manager software to the latest version to address these issues.
Vulnerability details
CVE-2019-1932
The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.
CVE-2019-1933
The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.
CVE-2019-1934
The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.
CVE-2019-1935
The ClearPass Policy Manager web-based interface does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host.
ClearPass Policy Manager and Aruba ClearPass Software Overview
ClearPass Policy Manager and Aruba ClearPass software are two separate products. There are some similarities, but there are also differences.
ClearPass Policy Manager software versions
ClearPass Policy Manager versions prior to version 4.7.1 are vulnerable to remote code execution
ClearPass Policy Manager versions prior to version 4.7.2 are also vulnerable to remote code execution
Vulnerable ClearPass Policy Manager versions can be identified by the presence of an "I'm not a robot" meta tag in the web-based interface
ClearPass Policy Manager software versions prior to version 4.8 are also vulnerable to remote code execution
ClearPass Policy Manager and Services
ClearPass Policy Manager and Services is a service to help organizations manage and implement their network security policy across the enterprise. This includes customers who have ClearPass Policy Manager and clients that have ClearPass in place.
The vulnerability in question affects the web-based interface on ClearPass Policy Manager, which does not restrict the installation of custom scripts, allowing attackers to execute arbitrary code on the underlying host. For more information about this vulnerability, see CVE-2019-1932, CVE-2019-1933, and CVE-2019-1934.
Timeline
Published on: 09/20/2022 20:15:00 UTC
Last modified on: 09/21/2022 20:15:00 UTC