Vulnerability Description
An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Clearpass Policy Manager | < 6.6.10 |
Related Weaknesses (CWE)
References
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txtVendor Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txtVendor Advisory
FAQ
What is CVE-2018-7065?
CVE-2018-7065 is a vulnerability with a CVSS score of 7.2 (HIGH). An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerab...
How severe is CVE-2018-7065?
CVE-2018-7065 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7065?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Clearpass Policy Manager.