A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-77 | |
Metrics |
ssvc
|
Tue, 03 Dec 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | |
Title | Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: hpe
Published: 2024-12-03T20:14:36.528Z
Updated: 2024-12-06T20:11:12.864Z
Reserved: 2024-11-21T16:51:49.639Z
Link: CVE-2024-53672
Vulnrichment
Updated: 2024-12-03T21:48:03.993Z
NVD
Status : Awaiting Analysis
Published: 2024-12-03T21:15:07.990
Modified: 2024-12-06T20:15:27.883
Link: CVE-2024-53672
Redhat
No data.