cvelistv5 - cve-2023-43510

CVE-2023-43510 (GCVE-0-2023-43510)

Vulnerability from cvelistv5

Published

2023-10-24 18:14

Modified

2024-09-11 17:17

Severity ?

4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Summary

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.

References

URL

Tags

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt

Impacted products

	Vendor	Product	Version
	Hewlett Packard Enterprise (HPE)	Aruba ClearPass Policy Manager	Version: ClearPass Policy Manager 6.11.x: 6.11.4 and below ≤ <=6.11.4 Version: ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below Version: ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:44:42.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43510",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T17:16:43.166442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:17:15.639Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aruba ClearPass Policy Manager",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "lessThanOrEqual": "\u003c=6.11.4",
              "status": "affected",
              "version": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"
            },
            {
              "status": "affected",
              "version": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Daniel Jensen (@dozernz)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the ClearPass Policy Manager web-based\u0026nbsp;management interface allows remote authenticated users to\u0026nbsp;run arbitrary commands on the underlying host. A successful\u0026nbsp;exploit could allow an attacker to execute arbitrary\u0026nbsp;commands as a non-privileged user on the underlying\u0026nbsp;operating system leading to partial system compromise."
            }
          ],
          "value": "A vulnerability in the ClearPass Policy Manager web-based\u00a0management interface allows remote authenticated users to\u00a0run arbitrary commands on the underlying host. A successful\u00a0exploit could allow an attacker to execute arbitrary\u00a0commands as a non-privileged user on the underlying\u00a0operating system leading to partial system compromise."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T18:14:37.992Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2023-43510",
    "datePublished": "2023-10-24T18:14:37.992Z",
    "dateReserved": "2023-09-19T14:41:06.499Z",
    "dateUpdated": "2024-09-11T17:17:15.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:44:42.674Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-43510\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-11T17:16:43.166442Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T17:17:10.963Z\"}}], \"cna\": {\"title\": \"Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Daniel Jensen (@dozernz)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hewlett Packard Enterprise (HPE)\", \"product\": \"Aruba ClearPass Policy Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"ClearPass Policy Manager 6.11.x: 6.11.4 and below\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=6.11.4\"}, {\"status\": \"affected\", \"version\": \"ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below\"}, {\"status\": \"affected\", \"version\": \"ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the ClearPass Policy Manager web-based\\u00a0management interface allows remote authenticated users to\\u00a0run arbitrary commands on the underlying host. A successful\\u00a0exploit could allow an attacker to execute arbitrary\\u00a0commands as a non-privileged user on the underlying\\u00a0operating system leading to partial system compromise.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A vulnerability in the ClearPass Policy Manager web-based\u0026nbsp;management interface allows remote authenticated users to\u0026nbsp;run arbitrary commands on the underlying host. A successful\u0026nbsp;exploit could allow an attacker to execute arbitrary\u0026nbsp;commands as a non-privileged user on the underlying\u0026nbsp;operating system leading to partial system compromise.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2023-10-24T18:14:37.992Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-43510\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-11T17:17:15.639Z\", \"dateReserved\": \"2023-09-19T14:41:06.499Z\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"datePublished\": \"2023-10-24T18:14:37.992Z\", \"assignerShortName\": \"hpe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0884

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Aruba ClearPass Policy Manager. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

ClearPass Policy Manager versions 6.11.x antérieures à 6.11.5
ClearPass Policy Manager versions 6.10.x antérieures à 6.10.8 Hotfix Q4 2023
ClearPass Policy Manager versions 6.9.x antérieures à 6.9.13 Hotfix Q4 2023

L'éditeur précise que les versions antérieures ayant atteint leur date de fin de maintenance peuvent être affectées par ces vulnérabilités.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted