First published: Mon May 16 2022(Updated: )
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Clearpass Policy Manager | <6.8.9 | |
Arubanetworks Clearpass Policy Manager | >=6.9.0<6.9.10 | |
Arubanetworks Clearpass Policy Manager | >=6.10.0<6.10.5 | |
Arubanetworks Clearpass Policy Manager | =6.8.9 | |
Arubanetworks Clearpass Policy Manager | =6.8.9-hotfix1 | |
Arubanetworks Clearpass Policy Manager | =6.8.9-hotfix2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-23664 is an authenticated remote command injection vulnerability discovered in Aruba ClearPass Policy Manager.
Aruba ClearPass Policy Manager versions 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below are affected by CVE-2022-23664.
CVE-2022-23664 has a severity rating of 9.1 (critical).
Aruba has released updates to ClearPass Policy Manager that address the security vulnerability. It is recommended to update to the latest version available.
You can find more information about CVE-2022-23664 in the official Aruba Networks security advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt