CVE-2018-7079
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-7079
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Aruba ClearPass Policy Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Aruba ClearPass是美国安移通网络(Aruba Networks)公司的一套集成了网络控制功能、应用和设备管理功能的接入管理系统。该系统可在单一位置管理与BYOD(自带设备)相关的各种事宜。Policy Manager是其中的一个策略管理器。 Aruba ClearPass 6.7.6之前的6.7.x版本和6.6.10及之前版本(没有使用hotfix)中的Policy Manager存在安全漏洞。攻击者可利用该漏洞查看、修改或删除访客用户账户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Hewlett Packard Enterprise | Aruba ClearPass Policy Manager | ClearPass 6.7.x prior to 6.7.6, ClearPass 6.6.10 and earlier without hotfix applied | - |
II. Public POCs for CVE-2018-7079
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-7079
请登录查看更多情报信息。
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txtx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-7079
Same Patch Batch · Hewlett Packard Enterprise · 2018-12-07 · 6 CVEs total
| CVE-2018-7063 | Aruba ClearPass 安全漏洞 | |
| CVE-2018-7065 | Aruba ClearPass Policy Manager SQL注入漏洞 | |
| CVE-2018-7066 | Aruba ClearPass Policy Manager 安全漏洞 | |
| CVE-2018-7067 | Aruba ClearPass Policy Manager 安全漏洞 | |
| CVE-2018-7080 | 多款Aruba产品安全特征问题漏洞 |
IV. Related Vulnerabilities
Same product: Aruba ClearPass Policy Manager
Same vendor: Hewlett Packard Enterprise
V. Comments for CVE-2018-7079
No comments yet