CVE-2020-7115

CRITICAL

Arubanetworks Clearpass Policy Manager - Missing Authentication

Title source: rule

Description

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

Exploits (2)

nomisec WORKING POC 2 stars

by Retr02332 · poc

https://github.com/Retr02332/CVE-2020-7115

View Code ZIP pw:eip

exploitdb WORKING POC

by SpicyItalian · bashremotelinux

https://www.exploit-db.com/exploits/48661

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/158368/ClearPass-Policy-Manager-Unauthenticated-Remote-Command-Execution.html

[Vendor Advisory] https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt

Scores

CVSS v3 9.8

EPSS 0.6070

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-306

Status published

Affected Products (1)

arubanetworks/clearpass_policy_manager < 6.7.13

Timeline

Published Jun 03, 2020

Tracked Since Feb 18, 2026