CVE-2023-25594
First published: Wed Mar 22 2023(Updated: )
A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Clearpass Policy Manager | >=6.9.0<=6.9.13 | |
| Arubanetworks Clearpass Policy Manager | >=6.10.0<=6.10.8 | |
| Arubanetworks Clearpass Policy Manager | =6.11.0 | |
| Arubanetworks Clearpass Policy Manager | =6.11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-25594?
CVE-2023-25594 is a vulnerability in the web-based management interface of ClearPass Policy Manager that allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance.
How does CVE-2023-25594 impact Arubanetworks Clearpass Policy Manager?
Successful exploitation of CVE-2023-25594 allows an attacker to complete state-changing actions on affected versions of Arubanetworks Clearpass Policy Manager.
What is the severity level of CVE-2023-25594?
CVE-2023-25594 has a severity level of 8.8 (high).
How can I fix CVE-2023-25594?
To fix CVE-2023-25594, it is recommended to apply the necessary patches or updates provided by Arubanetworks for the affected versions of ClearPass Policy Manager.
Where can I find more information about CVE-2023-25594?
You can find more information about CVE-2023-25594 on the Arubanetworks website, specifically in their advisory ARUBA-PSA-2023-003.txt.
- collector/nvd-index
- vendor/arubanetworks
- canonical/arubanetworks clearpass policy manager
- version/arubanetworks clearpass policy manager/6.9.0
- version/arubanetworks clearpass policy manager/6.9.13
- version/arubanetworks clearpass policy manager/6.10.0
- version/arubanetworks clearpass policy manager/6.10.8
- version/arubanetworks clearpass policy manager/6.11.0
- version/arubanetworks clearpass policy manager/6.11.1