Vulnerabilities > CVE-2018-7079 - Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

arubanetworks

CWE-863

NVD

Published: 2018-12-07

Updated: 2019-10-03

Summary

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

Vulnerable Configurations

Part	Description	Count
Application	Arubanetworks Arubanetworks Clearpass Policy Manager 3.0 Arubanetworks Clearpass Policy Manager 3.0.1 Arubanetworks Clearpass Policy Manager 3.5.1 Arubanetworks Clearpass Policy Manager 4.0 Arubanetworks Clearpass Policy Manager 5.1 Arubanetworks Clearpass Policy Manager 5.1.1 Arubanetworks Clearpass Policy Manager 5.2 Arubanetworks Clearpass Policy Manager 6.0.1 Arubanetworks Clearpass Policy Manager 6.0.2 Arubanetworks Clearpass Policy Manager 6.1 Arubanetworks Clearpass Policy Manager 6.1.1 Arubanetworks Clearpass Policy Manager 6.1.2 Arubanetworks Clearpass Policy Manager 6.1.3 Arubanetworks Clearpass Policy Manager 6.1.4 Arubanetworks Clearpass Policy Manager 6.2.0 Arubanetworks Clearpass Policy Manager 6.2.1 Arubanetworks Clearpass Policy Manager 6.2.2 Arubanetworks Clearpass Policy Manager 6.2.3 Arubanetworks Clearpass Policy Manager 6.2.4 Arubanetworks Clearpass Policy Manager 6.2.5 Arubanetworks Clearpass Policy Manager 6.2.6 Arubanetworks Clearpass Policy Manager 6.3.0 Arubanetworks Clearpass Policy Manager 6.3.0.60730 Arubanetworks Clearpass Policy Manager 6.3.1 Arubanetworks Clearpass Policy Manager 6.3.2 Arubanetworks Clearpass Policy Manager 6.3.3 Arubanetworks Clearpass Policy Manager 6.3.4 Arubanetworks Clearpass Policy Manager 6.3.5 Arubanetworks Clearpass Policy Manager 6.3.6 Arubanetworks Clearpass Policy Manager 6.4.0 Arubanetworks Clearpass Policy Manager 6.4.1 Arubanetworks Clearpass Policy Manager 6.4.2 Arubanetworks Clearpass Policy Manager 6.4.3 Arubanetworks Clearpass Policy Manager 6.4.4 Arubanetworks Clearpass Policy Manager 6.4.5 Arubanetworks Clearpass Policy Manager 6.4.6 Arubanetworks Clearpass Policy Manager 6.4.7 Arubanetworks Clearpass Policy Manager 6.5.0 Arubanetworks Clearpass Policy Manager 6.5.1 Arubanetworks Clearpass Policy Manager 6.5.2 Arubanetworks Clearpass Policy Manager 6.5.3 Arubanetworks Clearpass Policy Manager 6.5.4 Arubanetworks Clearpass Policy Manager 6.5.5 Arubanetworks Clearpass Policy Manager 6.5.6 Arubanetworks Clearpass Policy Manager 6.5.7 Arubanetworks Clearpass Policy Manager 6.6.0 Arubanetworks Clearpass Policy Manager 6.6.1 Arubanetworks Clearpass Policy Manager 6.6.2 Arubanetworks Clearpass Policy Manager 6.6.3 Arubanetworks Clearpass Policy Manager 6.6.4 Arubanetworks Clearpass Policy Manager 6.6.5 Arubanetworks Clearpass Policy Manager 6.6.7 Arubanetworks Clearpass Policy Manager 6.6.8 Arubanetworks Clearpass Policy Manager 6.6.9 Arubanetworks Clearpass Policy Manager 6.7.0 Arubanetworks Clearpass Policy Manager 6.7.1 Arubanetworks Clearpass Policy Manager 6.7.2 Arubanetworks Clearpass Policy Manager 6.7.3 Arubanetworks Clearpass Policy Manager 6.7.4 Arubanetworks Clearpass Policy Manager 6.7.5	64

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt