ClearPass Policy Manager Multiple Vulnerabilities
ARUBA-PSA-2022-013 (Rev-1)
OVERVIEW
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
CVEs
CVE-2022-23685, CVE-2022-23692, CVE-2022-23693, CVE-2022-23694, CVE-2022-23695, CVE-2022-23696,
CVE-2022-37877, CVE-2022-37878, CVE-2022-37879, CVE-2022-37880, CVE-2022-37881, CVE-2022-37882,
CVE-2022-37883, CVE-2022-37884
AFFECTED PRODUCTS
These vulnerabilities affect ClearPass Policy Manager running the following patch versions unless specifically
noted otherwise in the details section:
• ClearPass Policy Manager 6.10.x : 6.10.6 and below
• ClearPass Policy Manager 6.9.x : 6.9.11 and below
Updating ClearPass Policy Manager to a patch level listed in the Resolution section at the end of this
advisory will resolve all issues in the details section.
Versions of ClearPass Policy Manager that are end of life should be considered to be affected by these
vulnerabilities unless otherwise indicated. Impacted customers should plan to migrate to a supported
version. Supported versions as of the release of this advisory are:
- ClearPass Policy Manager 6.10.x
- ClearPass Policy Manager 6.9.x
DETAILS
1. Authenticated SQL Injection Vulnerabilities in ClearPass Policy Manager Web-based Management
Interface (CVE-2022-23692, CVE-2022-23693, CVE-2022-23694, CVE-2022-23695, CVE-2022-23696)
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an
authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy
Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive
information in the underlying database potentially leading to complete compromise of the ClearPass
Policy Manager cluster.
Internal reference: ATLCP-177, ATLCP-178, ATLCP-180, ATLCP-201, ATLCP-202
Severity: HIGH
CVSS v3.x Overall Score: 8.8
CVSS Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Discovery: These vulnerabilities were discovered and reported by Luke Young
(bugcrowd.com/bored-engineer) and Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program.
2. Lack of Cross-Site Request Forgery (CSRF) Protections for some Endpoints in ClearPass Policy
Manager (CVE-2022-23685)
A vulnerability in the ClearPass Policy Manager web-based management interface exists which
exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a
remote unauthenticated attacker to execute arbitrary input against these endpoints if the attacker
can convince an authenticated user of the interface to interact with a specially crafted URL.
Internal reference: ATLCP-219
Severity: HIGH
CVSS v3.x Overall Score: 8.1
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Discovery: This vulnerability was discovered and reported by the Aruba ClearPass Policy Manager
Engineering Team.
3. Local Privilege Escalation in ClearPass OnGuard macOS Agent (CVE-2022-37877)
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS
instance to elevate their user privileges. A successful exploit could allow these users to execute
arbitrary code with root level privileges on the macOS instance.
Internal reference: ATLCP-205
Severity: HIGH
CVSS v3.x Overall Score: 8.0
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Discovery: This vulnerability was discovered and reported by Luke Young (bugcrowd.com/boredengineer) via Aruba's Bug Bounty Program.
4. Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management
Interface (CVE-2022-37878, CVE-2022-37879, CVE-2022-37880, CVE-2022-37881, CVE-2022-37882, CVE-2022-37883)
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote
authenticated users to run arbitrary commands on the underlying host. A successful exploit could
allow an attacker to execute arbitrary commands as root on the underlying operating system
leading to complete system compromise.
Internal reference: ATLCP-166, ATLCP-179, ATLCP-183, ATLCP-189, ATLCP-193, ATLCP-197
Severity: HIGH
CVSS v3.x Overall Score: 7.2
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Discovery: These vulnerabilities were discovered and reported by Daniel Jensen (@dozernz) via
Aruba's Bug Bounty Program.
5. Unauthenticated Denial-of-Service Condition in ClearPass Policy Manager Guest User
Interface (CVE-2022-37884)
A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an
unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A
successful exploitation of this vulnerability results in the unavailability of the guest interface.
Internal reference: ATLCP-167
Severity: MEDIUM
CVSS v3.x Overall Score: 5.3
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Discovery: This vulnerability was discovered and reported by Daniel Jensen (@dozernz) via Aruba's
Bug Bounty Program.
RESOLUTION
The vulnerabilities contained in this advisory can be addressed by patching or upgrading to one of the
ClearPass Policy Manager versions listed below:
• ClearPass Policy Manager 6.10.x : 6.10.7 and above
• ClearPass Policy Manager 6.9.x : 6.9.12 and above
Aruba does not evaluate or patch ClearPass Policy Manager versions that have reached their End of Support
(EoS) milestone. For more information about Aruba's End of Support policy visit:
https://www.arubanetworks.com/support-services/end-of-life/
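For checking an inventory of ClearPass instances against the AFFECTED PRODUCTS and RESOLUTION sections, the following is an added example, not Aruba's own tooling; it encodes the fixed patch levels above and reports versions on trains the advisory does not list (6.8.x and earlier) as end-of-life, which the advisory says to treat as affected.

```python
# Added example, not from the Aruba advisory: classify a ClearPass Policy
# Manager version string against the fixed levels in ARUBA-PSA-2022-013.
import re

# Fixed patch level per supported release train, from the RESOLUTION section.
FIXED = {(6, 10): (6, 10, 7), (6, 9): (6, 9, 12)}
NEWEST_LISTED_TRAIN = max(FIXED)


def parse_version(text):
    """Turn '6.10.6' or 'ClearPass Policy Manager 6.9.11' into an (x, y, z) tuple."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(text):
    """Return 'fixed', 'affected', 'end-of-life' or 'not listed'.

    'end-of-life' covers trains older than those the advisory lists, which it
    says to treat as affected; 'not listed' covers trains newer than 6.10.x,
    which this advisory does not speak to."""
    version = parse_version(text)
    train = version[:2]
    if train > NEWEST_LISTED_TRAIN:
        return "not listed"
    fixed = FIXED.get(train)
    if fixed is None:
        return "end-of-life"
    return "fixed" if version >= fixed else "affected"


def assess_inventory(entries):
    """Map each inventory line (constructed sample input) to its assessment."""
    return {entry: assess(entry) for entry in entries}
```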
WORKAROUND
To minimize the likelihood of an attacker exploiting some of these vulnerabilities, Aruba recommends that
the CLI and web-based management interfaces for ClearPass Policy Manager be restricted to a dedicated
layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.
CLEARPASS POLICY MANAGER SECURITY HARDENING
For general information on hardening ClearPass Policy Manager instances against security threats please
see the ClearPass Policy Manager Hardening Guide available at
https://support.hpe.com/hpesc/public/docDisplay?docId=a00091066en_us for ClearPass Policy Manager
6.9.x and earlier versions.
For ClearPass 6.10.x the ClearPass Policy Manager Hardening Guide is available at
https://www.arubanetworks.com/techdocs/ClearPass/6.10/PolicyManager/Content/home.htm
EXPLOITATION AND PUBLIC DISCUSSION
Aruba is not aware of any public discussion or exploit code that targets these specific vulnerabilities as of the
release date of the advisory.