CVE-2022-37884
HIGHAruba ClearPass Policy Manager < 6.9.12 - Unauthenticated Denial of Service via Guest User Interface
Title source: llmDescription
A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the guest interface in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt
Scores
CVSS v3
7.5
EPSS
0.0044
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (1)
arubanetworks/clearpass_policy_manager
6.9.0 - 6.9.12
Published
Sep 20, 2022
Tracked Since
Feb 18, 2026