CVE-2018-7058
First published: Mon Aug 06 2018(Updated: )
Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Aruba Clearpass Policy Manager | >=6.6.0<6.6.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-7058?
The severity of CVE-2018-7058 is critical, with a severity value of 9.8.
How does CVE-2018-7058 affect Aruba ClearPass?
CVE-2018-7058 affects all versions of Aruba ClearPass 6.6.x prior to 6.6.9, exposing an authentication bypass vulnerability that allows an attacker to gain administrator privileges on the system.
Which software versions are affected by CVE-2018-7058?
All versions of Aruba ClearPass 6.6.x prior to 6.6.9 are affected by CVE-2018-7058.
How can an attacker exploit CVE-2018-7058?
An attacker can exploit CVE-2018-7058 by leveraging the authentication bypass vulnerability exposed on ClearPass web interfaces, including administrative and guest capabilities.
Is there a fix for CVE-2018-7058?
Yes, the fix for CVE-2018-7058 is to update Aruba ClearPass to version 6.6.9 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp aruba clearpass policy manager
- version/hp aruba clearpass policy manager/6.6.0