Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hpe
Published: 2018-08-06T20:00:00
Updated: 2024-08-05T06:17:17.361Z
Reserved: 2018-02-15T00:00:00
Link: CVE-2018-7059
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-08-06T20:29:01.680
Modified: 2018-10-18T13:48:22.143
Link: CVE-2018-7059
Redhat
No data.