CVE-2023-25589
CRITICALClearPass Policy Manager 6.9.0-6.9.12 - Unauthenticated Arbitrary User Creation
Title source: llmDescription
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.
References (1)
Core 1
Core References
Scores
CVSS v3
9.8
EPSS
0.0053
EPSS Percentile
67.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (3)
arubanetworks/clearpass_policy_manager
6.11.0
arubanetworks/clearpass_policy_manager
6.11.1
arubanetworks/clearpass_policy_manager
6.9.0 - 6.9.13
Published
Mar 22, 2023
Tracked Since
Feb 18, 2026