CVE-2013-2269
Aruba Networks ClearPass and ClearPass Guest - Unauthenticated Access Bypass via Sponsorship Confirmation Link
Title source: llmDescription
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.arubanetworks.com/support/alerts/aid-050813.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59805
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53358
Scores
EPSS
0.0045
EPSS Percentile
63.7%
Details
CWE
CWE-264
Status
published
Products (12)
arubanetworks/clearpass
5.0.1
arubanetworks/clearpass
5.1
arubanetworks/clearpass
5.2
arubanetworks/clearpass
6.0.1
arubanetworks/clearpass
6.0.2
arubanetworks/clearpass_guest
3.0
arubanetworks/clearpass_guest
3.1
arubanetworks/clearpass_guest
3.2
arubanetworks/clearpass_guest
3.3
arubanetworks/clearpass_guest
3.5
... and 2 more
Published
Oct 01, 2013
Tracked Since
Feb 18, 2026