CVE-2018-7079

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privilege users to view, modify, or delete guest users. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

Published: Dec 7, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-7079
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
arubanetworks / clearpass_policy_manager	6.7.0	6.7.6
arubanetworks / clearpass_policy_manager	-	6.6.10

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt

Vulnerability Database

289,697

CVE-2018-7079