← volver
CVE-2023-43510

Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise

CVSS 4.7 MEDIUMEPSS 0.6%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
24 oct 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Productos afectados
Hewlett Packard Enterprise (HPE) · Aruba ClearPass Policy Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt