A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system.
History

Tue, 03 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Arubanetworks
Arubanetworks clearpass Policy Manager
Weaknesses CWE-77
CPEs cpe:2.3:a:arubanetworks:clearpass_policy_manager:-:*:*:*:*:*:*:*
Vendors & Products Arubanetworks
Arubanetworks clearpass Policy Manager
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system.
Title Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2024-12-03T20:02:02.240Z

Updated: 2024-12-03T21:55:47.056Z

Reserved: 2024-11-01T14:42:12.299Z

Link: CVE-2024-51771

cve-icon Vulnrichment

Updated: 2024-12-03T21:55:27.238Z

cve-icon NVD

Status : Received

Published: 2024-12-03T20:15:15.477

Modified: 2024-12-03T22:15:05.180

Link: CVE-2024-51771

cve-icon Redhat

No data.