First published: Wed Mar 22 2023(Updated: )
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further privileges on the ClearPass instance.
Credit: security-alert@hpe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arubanetworks Clearpass Policy Manager | >=6.9.0<=6.9.13 | |
Arubanetworks Clearpass Policy Manager | >=6.10.0<=6.10.8 | |
Arubanetworks Clearpass Policy Manager | =6.11.0 | |
Arubanetworks Clearpass Policy Manager | =6.11.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-25591 is a vulnerability in the web-based management interface of ClearPass Policy Manager that could allow a remote attacker authenticated with low privileges to access sensitive information.
The severity of CVE-2023-25591 is high.
A successful exploit of CVE-2023-25591 allows an attacker to retrieve information which could be used to potentially gain further privileges.
ClearPass Policy Manager versions 6.9.0 to 6.9.13, 6.10.0 to 6.10.8, 6.11.0, and 6.11.1 are affected by CVE-2023-25591.
To fix CVE-2023-25591, it is recommended to upgrade to a version that is not affected.