Vulnerabilities > CVE-2018-7079 - Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

arubanetworks

CWE-863

NVD

Published: 2018-12-07

Updated: 2019-10-03

Summary

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

Vulnerable Configurations

Part	Description	Count
Application	Arubanetworks Arubanetworks Clearpass Policy Manager 6.7.0 Arubanetworks Clearpass Policy Manager 6.7.1 Arubanetworks Clearpass Policy Manager 6.7.2 Arubanetworks Clearpass Policy Manager 6.7.3 Arubanetworks Clearpass Policy Manager 6.7.4 Arubanetworks Clearpass Policy Manager 6.7.5 Arubanetworks Clearpass Policy Manager - Arubanetworks Clearpass Policy Manager 3.0 Arubanetworks Clearpass Policy Manager 3.0.1 Arubanetworks Clearpass Policy Manager 3.5.1 Arubanetworks Clearpass Policy Manager 4.0 Arubanetworks Clearpass Policy Manager 5.1 Arubanetworks Clearpass Policy Manager 5.1.1 Arubanetworks Clearpass Policy Manager 5.2 Arubanetworks Clearpass Policy Manager 6.0.1 Arubanetworks Clearpass Policy Manager 6.0.2 Arubanetworks Clearpass Policy Manager 6.1 Arubanetworks Clearpass Policy Manager 6.1.1 Arubanetworks Clearpass Policy Manager 6.1.2 Arubanetworks Clearpass Policy Manager 6.1.3 Arubanetworks Clearpass Policy Manager 6.1.4 Arubanetworks Clearpass Policy Manager 6.2.0 Arubanetworks Clearpass Policy Manager 6.2.1 Arubanetworks Clearpass Policy Manager 6.2.2 Arubanetworks Clearpass Policy Manager 6.2.3 Arubanetworks Clearpass Policy Manager 6.2.4 Arubanetworks Clearpass Policy Manager 6.2.5 Arubanetworks Clearpass Policy Manager 6.2.6 Arubanetworks Clearpass Policy Manager 6.3.0 Arubanetworks Clearpass Policy Manager 6.3.0.60730 Arubanetworks Clearpass Policy Manager 6.3.1 Arubanetworks Clearpass Policy Manager 6.3.2 Arubanetworks Clearpass Policy Manager 6.3.3 Arubanetworks Clearpass Policy Manager 6.3.4 Arubanetworks Clearpass Policy Manager 6.3.5 Arubanetworks Clearpass Policy Manager 6.3.6 Arubanetworks Clearpass Policy Manager 6.4.0 Arubanetworks Clearpass Policy Manager 6.4.1 Arubanetworks Clearpass Policy Manager 6.4.2 Arubanetworks Clearpass Policy Manager 6.4.3 Arubanetworks Clearpass Policy Manager 6.4.4 Arubanetworks Clearpass Policy Manager 6.4.5 Arubanetworks Clearpass Policy Manager 6.4.6 Arubanetworks Clearpass Policy Manager 6.4.7 Arubanetworks Clearpass Policy Manager 6.5.0 Arubanetworks Clearpass Policy Manager 6.5.1 Arubanetworks Clearpass Policy Manager 6.5.2 Arubanetworks Clearpass Policy Manager 6.5.3 Arubanetworks Clearpass Policy Manager 6.5.4 Arubanetworks Clearpass Policy Manager 6.5.5 Arubanetworks Clearpass Policy Manager 6.5.6 Arubanetworks Clearpass Policy Manager 6.5.7 Arubanetworks Clearpass Policy Manager 6.6.0 Arubanetworks Clearpass Policy Manager 6.6.1 Arubanetworks Clearpass Policy Manager 6.6.2 Arubanetworks Clearpass Policy Manager 6.6.3 Arubanetworks Clearpass Policy Manager 6.6.4 Arubanetworks Clearpass Policy Manager 6.6.5 Arubanetworks Clearpass Policy Manager 6.6.7 Arubanetworks Clearpass Policy Manager 6.6.8 Arubanetworks Clearpass Policy Manager 6.6.9	65

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt