Vulnerabilities > CVE-2020-7113 - Unspecified vulnerability in Arubanetworks Clearpass

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

arubanetworks

nessus

NVD

Published: 2020-04-16

Updated: 2021-07-21

Summary

A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.

Vulnerable Configurations

Part	Description	Count
Application	Arubanetworks Arubanetworks Clearpass 6.7.0 Arubanetworks Clearpass 6.7.1 Arubanetworks Clearpass 6.7.2 Arubanetworks Clearpass 6.7.3 Arubanetworks Clearpass 6.7.4 Arubanetworks Clearpass 6.7.5 Arubanetworks Clearpass 6.7.6 Arubanetworks Clearpass 6.7.7 Arubanetworks Clearpass 6.7.8 Arubanetworks Clearpass 6.7.9 Arubanetworks Clearpass 6.7.10 Arubanetworks Clearpass 6.7.11 Arubanetworks Clearpass 6.7.12 Arubanetworks Clearpass 6.8.0 Arubanetworks Clearpass 6.8.1 Arubanetworks Clearpass 6.8.2 Arubanetworks Clearpass 6.8.3	17

Nessus

NASL family	CGI abuses
NASL id	ARUBA_CLEARPASS_POLMAN_6_8_4.NASL
description	The remote host is Aruba Networks (HP) Clearpass Policy Manager version 6.7.x prior to 6.7.13, or 6.8.x prior to 6.8.4. It is, therefore, vulnerable to multiple security vulnerabilities as described in the vendor advisory ARUBA-PSA-2020-004.
last seen	2020-05-06
modified	2020-05-01
plugin id	136283
published	2020-05-01
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136283
title	Aruba Networks ClearPass Policy Manager 6.7.x < 6.7.13 / 6.8.x < 6.8.4 Multiple Vulnerabilities (ARUBA-PSA-2020-004)
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(136283); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17"); script_cve_id( "CVE-2020-7110", "CVE-2020-7111", "CVE-2020-7113", "CVE-2020-7114" ); script_xref(name:"IAVA", value:"2020-A-0178-S"); script_name(english:"Aruba Networks ClearPass Policy Manager 6.7.x < 6.7.13 / 6.8.x < 6.8.4 Multiple Vulnerabilities (ARUBA-PSA-2020-004)"); script_set_attribute(attribute:"synopsis", value: "The remote host running Aruba Networks (HP) Clearpass Policy Manager is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is Aruba Networks (HP) Clearpass Policy Manager version 6.7.x prior to 6.7.13, or 6.8.x prior to 6.8.4. It is, therefore, vulnerable to multiple security vulnerabilities as described in the vendor advisory ARUBA-PSA-2020-004."); script_set_attribute(attribute:"see_also", value:"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"); script_set_attribute(attribute:"solution", value: "Upgrade to Aruba Networks (HP) Clearpass Policy Manager version 6.7.13 / 6.8.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7114"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:arubanetworks:clearpass"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("aruba_clearpass_polman_detect.nbin"); script_require_keys("Host/Aruba_Clearpass_Policy_Manager/version"); exit(0); } include('vcf.inc'); app = 'Aruba ClearPass Policy Manager'; app_info = vcf::get_app_info(app:app, kb_ver:"Host/Aruba_Clearpass_Policy_Manager/version"); constraints = [ { 'min_version' : '6.7.0', 'fixed_version' : '6.7.13' }, { 'min_version' : '6.8.0', 'fixed_version' : '6.8.4' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt