Four gaps in HPE Aruba Networking ClearPass Policy Manager closed
If the conditions are right, attackers can execute malicious code via vulnerabilities in HPE's access management solution.
In current versions of HPE Aruba Networking ClearPass Policy Manager, the developers have closed a total of four security vulnerabilities. In the worst case, attackers can execute their own code and compromise systems.
Admins use the product to manage access to networks. If an attacker gets a foot in the door here, the consequences can be serious. However, as HPE's security advisory states, code-execution attacks are not possible without preconditions.
Closed security gaps
For this to work, attackers must already be authenticated. If that is the case, they can remotely exploit two vulnerabilities (CVE-2024-51771, rated "high"; CVE-2024-51772, rated "high") in the web-based management interface and then execute their own commands in the underlying operating system via an unspecified route.
In addition, stored XSS attacks (CVE-2024-51773, rated "medium") and command injection attacks (CVE-2024-53672, rated "medium") are also possible.
The developers state that they have closed the gaps in versions 6.11.10 and 6.12.3 and later. There are currently no reports of attacks in the wild. Nevertheless, admins should install the security updates as soon as possible.
Unfortunately, HPE does not currently specify which indicators admins can use to recognize systems that have already been compromised.
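To turn the fixed version numbers named above into a quick fleet check, here is an added example (not code from the article, from HPE, or from the ClearPass product). It assumes, and labels as an assumption, that on the 6.11 branch anything below 6.11.10 and on the 6.12 branch anything below 6.12.3 is unpatched; branches the article does not mention are reported as "unknown" rather than guessed. The hostnames and version strings in the sample inventory are constructed.

```python
"""Classify ClearPass Policy Manager version strings against the fixed
versions named in the article (6.11.10 and 6.12.3).

Assumption (not stated by the article or HPE): releases on the 6.11 branch
below 6.11.10 and on the 6.12 branch below 6.12.3 are treated as unpatched.
Any other branch is reported as 'unknown' because the article does not cover it.
"""
from __future__ import annotations

# Fixed versions per release branch, taken from the article.
FIXED_VERSIONS: dict[tuple[int, int], tuple[int, int, int]] = {
    (6, 11): (6, 11, 10),
    (6, 12): (6, 12, 3),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '6.11.9' (optionally with a build suffix such as '6.11.9-123')
    into a (major, minor, patch) tuple of ints so versions compare numerically
    instead of as strings ('6.11.9' > '6.11.10' would be wrong lexically)."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts[:3])
    return (major, minor, patch)


def patch_status(text: str) -> str:
    """Return 'patched', 'unpatched' or 'unknown' for one version string."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        # Branch not covered by the article: do not guess either way.
        return "unknown"
    return "patched" if version >= fixed else "unpatched"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map every host in an inventory to its patch status."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "cppm-a.example.internal": "6.11.9",
    "cppm-b.example.internal": "6.11.10",
    "cppm-c.example.internal": "6.12.2-build42",
    "cppm-d.example.internal": "6.12.3",
    "cppm-e.example.internal": "6.10.8",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Feed it the version strings from your own inventory export; hosts reported as "unknown" need a manual look at the vendor advisory rather than being assumed safe.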
(des)