Published: 03/06/2020 Updated: 27/01/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

Vulnerable Product	Search on Vulmon	Subscribe to Product
arubanetworks clearpass policy manager

Proof of concept exploit for ClearPass Policy Manager which suffers from an unauthenticated remote command execution vulnerability ...

Create your malicious engine in seconds

CVE-2020-7115 Create your malicious engine in seconds build_enginesh Simple script to generate a malicious engine ready to be used in openssl argument injection scenarios How to use? It's very simple, just modify the enginec file with the command of your choice: #include <unistdh> __attribute__((constructor)) static void init() { execl("/bin/sh&

CWE-306 https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt http://packetstormsecurity.com/files/158368/ClearPass-Policy-Manager-Unauthenticated-Remote-Command-Execution.html https://nvd.nist.gov https://github.com/Retr02332/CVE-2020-7115 https://packetstormsecurity.com/files/158368/ClearPass-Policy-Manager-Unauthenticated-Remote-Command-Execution.html

CVE-2020-7115

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect