CVE-2022-37880
First published: Tue Sep 20 2022(Updated: )
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Clearpass Policy Manager | >=6.9.0<6.9.12 | |
| Arubanetworks Clearpass Policy Manager | >=6.10.0<6.10.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-37880?
CVE-2022-37880 is a vulnerability in the ClearPass Policy Manager web-based management interface that allows remote authenticated users to run arbitrary commands on the underlying host.
How severe is CVE-2022-37880?
CVE-2022-37880 has a severity rating of 7.2 (high).
Which versions of ClearPass Policy Manager are affected by CVE-2022-37880?
ClearPass Policy Manager versions 6.9.0 to 6.9.12 and versions 6.10.0 to 6.10.7 are affected by CVE-2022-37880.
How can an attacker exploit CVE-2022-37880?
A successful exploit of CVE-2022-37880 allows an attacker to execute arbitrary commands as root on the underlying operating system.
Is there a fix available for CVE-2022-37880?
Yes, it is recommended to update ClearPass Policy Manager to a version that is not affected by CVE-2022-37880.
- collector/nvd-index
- vendor/arubanetworks
- canonical/arubanetworks clearpass policy manager
- version/arubanetworks clearpass policy manager/6.9.0
- version/arubanetworks clearpass policy manager/6.10.0