Aruba ClearPass Policy Manager tipsSimulationUpload command execution

Added: 08/13/2020
CVE: CVE-2020-7115

Background

Aruba ClearPass is a network access control solution.

Problem

A vulnerability in the tipsSimulationUpload.action resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the uploadClientCertFile parameter.

Resolution

Upgrade ClearPass Policy Manager to version 6.7.13-HF, 6.8.5-HF, 6.8.6, or 6.9.1 or higher.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt

Platforms

Linux

Back to exploit index