CVE-2023-43509

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.

Published: Oct 25, 2023
Updated: Nov 2, 2023
CVE: CVE-2023-43509
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.8
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arubanetworks / clearpass_policy_manager	6.11.0	6.11.4.x
arubanetworks / clearpass_policy_manager	6.9.13	6.9.13.x
arubanetworks / clearpass_policy_manager	-	6.9.13
arubanetworks / clearpass_policy_manager	6.10.8	6.10.8.x
arubanetworks / clearpass_policy_manager	6.10.0	6.10.8
arubanetworks / clearpass_policy_manager	6.9.13-cumulative_hotfix_patch_2	6.9.13-cumulative_hotfix_patch_2.x
arubanetworks / clearpass_policy_manager	6.9.13-cumulative_hotfix_patch_3	6.9.13-cumulative_hotfix_patch_3.x
arubanetworks / clearpass_policy_manager	6.10.8-cumulative_hotfix_patch_2	6.10.8-cumulative_hotfix_patch_2.x
arubanetworks / clearpass_policy_manager	6.10.8-cumulative_hotfix_patch_5	6.10.8-cumulative_hotfix_patch_5.x

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt

Vulnerability Database

289,784

CVE-2023-43509