CVE-2018-7058 Information

Description

Aruba ClearPass all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces including administrative guest captive portal and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8