CVE-2018-7059: Input Validation
First published: Mon Aug 06 2018(Updated: )
Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp Aruba Clearpass Policy Manager | <6.6.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of Aruba ClearPass?
The vulnerability ID of Aruba ClearPass is CVE-2018-7059.
What is the severity level of CVE-2018-7059?
The severity level of CVE-2018-7059 is high.
What software versions are affected by CVE-2018-7059?
Aruba ClearPass versions prior to 6.6.9 are affected by CVE-2018-7059.
What is the risk of CVE-2018-7059?
CVE-2018-7059 allows an authenticated user with the "mon" permission to obtain cluster credentials, leading to privilege escalation.
How can I fix the CVE-2018-7059 vulnerability?
To fix the CVE-2018-7059 vulnerability, update Aruba ClearPass to version 6.6.9 or later.
- collector/nvd-index
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp aruba clearpass policy manager