CVE-2020-7116
HIGHClearPass Policy Manager WebUI - Authenticated Command Injection
Title source: llmDescription
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt
Scores
CVSS v3
7.2
EPSS
0.0144
EPSS Percentile
81.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
arubanetworks/clearpass_policy_manager
6.7.0 - 6.7.13
Published
Jun 03, 2020
Tracked Since
Feb 18, 2026