CVE-2014-2071
First published: Mon Jan 08 2018(Updated: )
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Clearpass | >=6.1<=6.1.4 | |
| Arubanetworks Clearpass | >=6.2<6.2.5.61640 | |
| Arubanetworks Clearpass | >=6.3<6.3.0.61712 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2014-2071.
What is the title of this vulnerability?
The title of this vulnerability is Aruba Networks ClearPass Policy Manager.
What is the severity of CVE-2014-2071?
The severity of CVE-2014-2071 is high with a CVSS score of 7.1.
Which versions of Aruba Networks ClearPass are affected by this vulnerability?
Aruba Networks ClearPass versions 6.1.x, 6.2.x before 6.2.5.61640, and 6.3.x before 6.3.0.61712 are affected.
How can a remote authenticated user exploit this vulnerability?
Remote authenticated users can exploit this vulnerability by advertising independent inner and outer identities.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/arubanetworks
- canonical/arubanetworks clearpass
- version/arubanetworks clearpass/6.1
- version/arubanetworks clearpass/6.1.4
- version/arubanetworks clearpass/6.2
- version/arubanetworks clearpass/6.3