CVE-2018-7058
CRITICALAruba ClearPass Policy Manager 6.6.0-6.6.8 - Authentication Bypass
Title source: llmDescription
Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt
Scores
CVSS v3
9.8
EPSS
0.0080
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
hp/aruba_clearpass_policy_manager
6.6.0 - 6.6.9
Published
Aug 06, 2018
Tracked Since
Feb 18, 2026