CVE-2020-7113

MEDIUM

Aruba ClearPass 6.7.0-6.7.13 - Unauthenticated Service Account Compromise via HTTP Parameter Tampering

Title source: llm

Description

A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt

Scores

CVSS v3 4.9

EPSS 0.0037

EPSS Percentile 58.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

arubanetworks/clearpass 6.7.0 - 6.7.13

Published Apr 16, 2020

Tracked Since Feb 18, 2026