Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-23565 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 27 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Arubanetworks
Arubanetworks clearpass Policy Manager
CPEs cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_6:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_4:*:*:*:*:*:*
Vendors & Products Arubanetworks
Arubanetworks clearpass Policy Manager

cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2024-08-02T00:07:18.955Z

Reserved: 2024-02-16T19:42:43.184Z

Link: CVE-2024-26294

cve-icon Vulnrichment

Updated: 2024-08-02T00:07:18.955Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-27T22:15:14.923

Modified: 2025-03-27T15:04:47.140

Link: CVE-2024-26294

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.