CVE-2023-25595

MEDIUM

ClearPass Policy Manager - Information Disclosure via OnGuard Ubuntu Agent

Title source: llm

Description

A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.

References (1)

Core 1

Core References

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-003.txt

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 14.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (3)

arubanetworks/clearpass_policy_manager 6.11.0

arubanetworks/clearpass_policy_manager 6.11.1

arubanetworks/clearpass_policy_manager 6.9.0 - 6.9.13

Published Mar 22, 2023

Tracked Since Feb 18, 2026