What is CVE-2023-43506?

CVE-2023-43506 is a vulnerability in the ClearPass OnGuard Linux agent that allows malicious users on a Linux instance to elevate their user privileges and execute arbitrary code with root level privileges.

How does CVE-2023-43506 affect Arubanetworks Clearpass Policy Manager?

CVE-2023-43506 affects Arubanetworks Clearpass Policy Manager versions up to 6.9.13, versions between 6.10.0 and 6.10.8, and versions between 6.11.0 and 6.11.4.

What is the severity of CVE-2023-43506?

CVE-2023-43506 has a severity value of 7.8, which is considered high.

How can I fix CVE-2023-43506 in Arubanetworks Clearpass Policy Manager?

To fix CVE-2023-43506 in Arubanetworks Clearpass Policy Manager, you should update to a version higher than 6.11.4.

Where can I find more information about CVE-2023-43506?

You can find more information about CVE-2023-43506 in the advisory released by Aruba Networks: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt

Vulnerability/
CVE-2023-43506

high

7.8

25/10/2023

1/11/2023

CVE-2023-43506

First published: Wed Oct 25 2023(Updated: )

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.

Credit: security-alert@hpe.com

Affected Software	Affected Version	How to fix
Arubanetworks Clearpass Policy Manager	<6.9.13
Arubanetworks Clearpass Policy Manager	>=6.10.0<6.10.8
Arubanetworks Clearpass Policy Manager	>=6.11.0<=6.11.4
Arubanetworks Clearpass Policy Manager	=6.9.13
Arubanetworks Clearpass Policy Manager	=6.9.13-cumulative_hotfix_patch_2
Arubanetworks Clearpass Policy Manager	=6.9.13-cumulative_hotfix_patch_3
Arubanetworks Clearpass Policy Manager	=6.10.8
Arubanetworks Clearpass Policy Manager	=6.10.8-cumulative_hotfix_patch_2
Arubanetworks Clearpass Policy Manager	=6.10.8-cumulative_hotfix_patch_5
Linux Linux kernel

Never miss a vulnerability like this again

Reference Links

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt

Frequently Asked Questions

What is CVE-2023-43506?
CVE-2023-43506 is a vulnerability in the ClearPass OnGuard Linux agent that allows malicious users on a Linux instance to elevate their user privileges and execute arbitrary code with root level privileges.
How does CVE-2023-43506 affect Arubanetworks Clearpass Policy Manager?
CVE-2023-43506 affects Arubanetworks Clearpass Policy Manager versions up to 6.9.13, versions between 6.10.0 and 6.10.8, and versions between 6.11.0 and 6.11.4.
What is the severity of CVE-2023-43506?
CVE-2023-43506 has a severity value of 7.8, which is considered high.
How can I fix CVE-2023-43506 in Arubanetworks Clearpass Policy Manager?
To fix CVE-2023-43506 in Arubanetworks Clearpass Policy Manager, you should update to a version higher than 6.11.4.
Where can I find more information about CVE-2023-43506?
You can find more information about CVE-2023-43506 in the advisory released by Aruba Networks: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt

collector/nvd-api
agent/references
agent/severity
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
vendor/arubanetworks
canonical/arubanetworks clearpass policy manager
version/arubanetworks clearpass policy manager/6.10.0
version/arubanetworks clearpass policy manager/6.11.0
version/arubanetworks clearpass policy manager/6.11.4
version/arubanetworks clearpass policy manager/6.9.13
version/arubanetworks clearpass policy manager/6.9.13-cumulative_hotfix_patch_2
version/arubanetworks clearpass policy manager/6.9.13-cumulative_hotfix_patch_3
version/arubanetworks clearpass policy manager/6.10.8
version/arubanetworks clearpass policy manager/6.10.8-cumulative_hotfix_patch_2
version/arubanetworks clearpass policy manager/6.10.8-cumulative_hotfix_patch_5
vendor/linux
canonical/linux linux kernel