Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-23567 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 27 Mar 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Arubanetworks
Arubanetworks clearpass Policy Manager
CPEs cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_6:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_4:*:*:*:*:*:*
Vendors & Products Arubanetworks
Arubanetworks clearpass Policy Manager

cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2024-08-02T00:07:19.027Z

Reserved: 2024-02-16T19:42:43.185Z

Link: CVE-2024-26296

cve-icon Vulnrichment

Updated: 2024-08-02T00:07:19.027Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-27T22:15:15.263

Modified: 2025-03-27T15:07:38.220

Link: CVE-2024-26296

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.