Vulnerability Description
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Clearpass Policy Manager | >= 6.7.0, <= 6.7.13 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158368/ClearPass-Policy-Manager-UnauthenticExploitThird Party AdvisoryVDB Entry
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txtVendor Advisory
- http://packetstormsecurity.com/files/158368/ClearPass-Policy-Manager-UnauthenticExploitThird Party AdvisoryVDB Entry
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txtVendor Advisory
FAQ
What is CVE-2020-7115?
CVE-2020-7115 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remo...
How severe is CVE-2020-7115?
CVE-2020-7115 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-7115?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Clearpass Policy Manager.