Vulnerability Description
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arubanetworks | Clearpass Policy Manager | >= 6.9.0, < 6.9.12 |
Related Weaknesses (CWE)
References
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txtVendor Advisory
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-020.txtVendor Advisory
FAQ
What is CVE-2022-43536?
CVE-2022-43536 is a vulnerability with a CVSS score of 7.2 (HIGH). Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an att...
How severe is CVE-2022-43536?
CVE-2022-43536 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43536?
Check the references section above for vendor advisories and patch information. Affected products include: Arubanetworks Clearpass Policy Manager.