CVE-2020-7115

CRITICAL

ClearPass Policy Manager 6.7.0-6.7.12 - Unauthenticated Remote Command Execution via Authentication Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-7115. PoCs published by SpicyItalian, Retr02332.

AI-analyzed exploit summary This exploit leverages an unauthenticated remote command execution vulnerability in Aruba ClearPass Policy Manager by uploading a malicious OpenSSL engine (shared library) via a POST request. The payload spawns a reverse shell using ncat.

Description

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

Exploits (2)

exploitdb WORKING POC
by SpicyItalian · bashremotelinux
https://www.exploit-db.com/exploits/48661

This exploit leverages an unauthenticated remote command execution vulnerability in Aruba ClearPass Policy Manager by uploading a malicious OpenSSL engine (shared library) via a POST request. The payload spawns a reverse shell using ncat.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Aruba ClearPass Policy Manager 6.7.x prior to 6.7.13-HF, 6.8.x prior to 6.8.5-HF, 6.9.x prior to 6.9.1
No auth needed
Prerequisites: RHEL/CentOS 7.x for compiling the malicious OpenSSL engine · Network access to the target · ncat installed on the attacker's machine
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by Retr02332 · poc
https://github.com/Retr02332/CVE-2020-7115

This repository provides a functional exploit for CVE-2020-7115, which involves creating a malicious OpenSSL engine to achieve arbitrary command execution via argument injection. The PoC includes a build script and a C-based shared library that executes a command upon loading.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL (versions affected by CVE-2020-7115)
No auth needed
Prerequisites: Ability to upload a malicious shared library to the target system · Target system must load the malicious engine
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.6460
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306
Status published
Products (1)
arubanetworks/clearpass_policy_manager 6.7.0 - 6.7.13
Published Jun 03, 2020
Tracked Since Feb 18, 2026