CVE-2021-40986: Command Injection
First published: Fri Oct 15 2021(Updated: )
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Clearpass Policy Manager | >=6.8.0<6.8.9 | |
| Arubanetworks Clearpass Policy Manager | >=6.9.0<6.9.7 | |
| Arubanetworks Clearpass Policy Manager | >=6.10.0<6.10.2 | |
| Arubanetworks Clearpass Policy Manager | =6.8.9 | |
| Arubanetworks Clearpass Policy Manager | =6.9.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Aruba ClearPass Policy Manager remote arbitrary command execution vulnerability?
The vulnerability ID for this Aruba ClearPass Policy Manager remote arbitrary command execution vulnerability is CVE-2021-40986.
What is the severity of CVE-2021-40986?
The severity of CVE-2021-40986 is critical with a severity value of 7.2.
Which versions of Aruba ClearPass Policy Manager are affected by CVE-2021-40986?
Versions ClearPass Policy Manager 6.10.x prior to 6.10.2, ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1, and ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1 are affected by CVE-2021-40986.
Has Aruba released any patches for CVE-2021-40986?
Yes, Aruba has released patches for CVE-2021-40986.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-40986?
The Common Weakness Enumeration (CWE) ID for CVE-2021-40986 is CWE-77.
Where can I find more information about CVE-2021-40986?
You can find more information about CVE-2021-40986 at the following reference: [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-018.txt)
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/arubanetworks
- canonical/arubanetworks clearpass policy manager
- version/arubanetworks clearpass policy manager/6.8.0
- version/arubanetworks clearpass policy manager/6.9.0
- version/arubanetworks clearpass policy manager/6.10.0
- version/arubanetworks clearpass policy manager/6.8.9
- version/arubanetworks clearpass policy manager/6.9.7