CVE-2014-2593
Aruba Networks ClearPass Policy Manager 6.3.0.60730 - Authenticated OS Command Injection via Management Console Commands
Title source: llmDescription
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/109662
Various Sources x_refsource_confirm
http://www.arubanetworks.com/support/alerts/aid-050214.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95491
Various Sources x_refsource_misc
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69391
Scores
EPSS
0.0056
EPSS Percentile
68.6%
Details
CWE
CWE-264
Status
published
Products (1)
arubanetworks/clearpass_policy_manager
6.3.0.60730
Published
Aug 29, 2014
Tracked Since
Feb 18, 2026