CVE-2022-37883
HIGHAruba ClearPass Policy Manager 6.9.0-6.9.11 and 6.10.0-6.10.6 - Authenticated Remote Command Execution
Title source: llmDescription
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt
Scores
CVSS v3
7.2
EPSS
0.0068
EPSS Percentile
71.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (1)
arubanetworks/clearpass_policy_manager
6.9.0 - 6.9.12
Published
Sep 20, 2022
Tracked Since
Feb 18, 2026