CVE-2020-7117

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

Published: Jun 3, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-7117
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arubanetworks / clearpass_policy_manager	6.7.0	6.7.13.x
arubanetworks / clearpass_policy_manager	6.8.0	6.8.6
arubanetworks / clearpass_policy_manager	6.9.0	6.9.1

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt

Vulnerability Database

289,697

CVE-2020-7117