First published: Thu Apr 16 2020(Updated: )
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Clearpass | >=6.7.0<6.7.13 | |
Arubanetworks Clearpass | >=6.8.0<6.8.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-7113 is a vulnerability that allows an attacker to intercept and change parameters in the HTTP packets while communicating with the ClearPass management interface, compromising ClearPass' service accounts.
CVE-2020-7113 has a severity rating of 4.9 (medium).
ClearPass versions 6.7.0 to 6.7.13 and versions 6.8.0 to 6.8.4 are affected by CVE-2020-7113.
To fix CVE-2020-7113, upgrade to ClearPass versions 6.7.10, 6.8.1, 6.9.0, or higher.
More information about CVE-2020-7113 can be found at the following link: [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt)