CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7059

Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 4.0

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt

Products affected by CVE-2018-7059

Hp » Aruba Clearpass Policy Manager » Version: Any

cpe:2.3:a:hp:aruba_clearpass_policy_manager:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7059

Products

Pricing

Contact Us