Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

The version of Aruba ClearPass Policy Manager installed on the remote host is prior or equal to 6.7, 6.8.9-HF2, 6.9.9, 6.10.4. It is, therefore, affected by multiple vulnerabilities as referenced in the ARUBA-PSA-2022-007 advisory.

    - An information disclosure vulnerability exists in the web-based management interface of ClearPass Policy Manager.
    An authenticated, remote attacker can exploit this to disclose potentially sensitive information. (CVE-2022-23670)

    - A denial of service (DoS) vulnerability exists in the Python Eventlet library used by ClearPass Policy Manager. An     unauthenticated, remote attacker can exploit this issue, via WebSocket peer to exhaust memory reserved by Eventlet     inside of ClearPass Policy Manager, to cause the process to stop responding. (CVE-2021-21419)

    - A denial of service (DoS) vulnerability exists in Python Urllib library used by ClearPass Policy Manager. An     authenticated, remote attacker can exploit this issue, via the web-based management, to cause the application to     stop responding. (CVE-2021-33503)

    - An authentication bypass vulnerability exists in web-based management interface of ClearPass Policy Manager. An     unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary actions with root     privileges. (CVE-2022-23657, CVE-2022-23658, CVE-2022-23660)

    - A reflected cross-site scripting (XSS) vulnerability exists in the web-based management interface of ClearPass     Policy Manager due to improper validation of user-supplied input before returning it to users. An authenticated,     remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script     code in a user's browser session. (CVE-2022-23659)

    - A command injection vulnerability exists in the ClearPass Policy Manager command line interface. An authenticated,     remote attacker can exploit this to execute arbitrary commands. (CVE-2022-23661, CVE-2022-23662)

    - A command injection vulnerability exists in the ClearPass Policy Manager web-based management interface. An     authenticated, remote attacker can exploit this to execute arbitrary commands. (CVE-2022-23663, CVE-2022-23664,     CVE-2022-23666, CVE-2022-23672, CVE-2022-23673)

    - A command injection vulnerability exists in Aruba ClearPass Policy Manager. An authenticated, remote attacker can     exploit this to execute arbitrary commands. (CVE-2022-23665)

    - A command injection vulnerability exists in the ClearPass Policy Manager command line interface. An authenticated,     remote attacker can exploit this to execute arbitrary commands. (CVE-2022-23667)

    - A Server Side Request Forgery (SSRF) vulnerability exists in the web-based management interface of ClearPass Policy     Manager due to improper validation of session & user-accessible input data. The insecure processing of the input by     the vulnerable application server allows an unauthenticated, remote attacker the ability to exploit this by sending a     specially crafted message to the server to create a trusted remote session with a malicious external target.
    (CVE-2022-23668)

    - An authentication bypass vulnerability exists in ClearPass Policy Manager due to the handling of SAML token expiration.
    An authenticated, remote attacker can exploit this, via possession of a valid token to reuse the token after session     expiration, to bypass authentication and execute arbitrary actions with user privileges. (CVE-2022-23669)

    - An information disclosure vulnerability exists in ClearPass Policy Manager cluster network position. An authenticated,     remote attacker can exploit this to disclose potentially sensitive information. (CVE-2022-23671)

    - A authenticated stored cross-site scripting (XSS) vulnerability exists in the web-based management interface of ClearPass     Policy Manager due to improper validation of user-supplied input before returning it to users. An authenticated,     remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code     in a user's browser session. (CVE-2022-23674, CVE-2022-23675)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:5071 advisory.

  - python-eventlet: improper handling of highly compressed data and memory allocation with excessive size     allows DoS (CVE-2021-21419)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2437 advisory.

  - python-eventlet: improper handling of highly compressed data and memory allocation with excessive size     allows DoS (CVE-2021-21419)

  - jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin     (CVE-2021-21623)

  - jenkins: lack of type validation in agent related REST API (CVE-2021-21639)

  - jenkins: view name validation bypass (CVE-2021-21640)

  - jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin (CVE-2021-21648)

  - kubernetes: Validating Admission Webhook does not observe some previous fields (CVE-2021-25735)

  - kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack (CVE-2021-25737)

  - golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)

  - gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

  - openshift: Injected service-ca.crt incorrectly contains additional internal CAs (CVE-2021-3636)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 20.10 / 21.04 host has a package installed that is affected by a vulnerability as referenced in the USN-4956-1 advisory.

  - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet     side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending     highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As     a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but     there is no workaround to protect Eventlet process. (CVE-2021-21419)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
161701	Aruba ClearPass Policy Manager <= 6.x.x < 6.8.9-HF2 / 6.9.x < 6.9.9 / 6.10.x < 6.10.4 Multiple Vulnerabilities	Nessus	Misc.	critical
156003	RHEL 8 : Red Hat OpenStack Platform 16.1 (python-eventlet) (RHSA-2021:5071)	Nessus	Red Hat Local Security Checks	medium
152103	RHEL 7 / 8 : OpenShift Container Platform 4.8.2 packages and (RHSA-2021:2437)	Nessus	Red Hat Local Security Checks	high
149520	Ubuntu 20.04 LTS / 20.10 / 21.04 : Eventlet vulnerability (USN-4956-1)	Nessus	Ubuntu Local Security Checks	medium

Detections

Analytics

CVE-2021-21419

medium

Tenable Plugins

critical

medium

high

medium