Aruba ClearPass Policy Manager <= 6.6.10 / 6.7.x < 6.7.6 Multiple Vulnerabilities

critical Nessus Plugin ID 139002

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

The version of Aruba ClearPass Policy Manager installed on the remote host is equal or prior to 6.6.10, or 6.7.x prior to 6.7.6. It is, therefore, affected by multiple vulnerabilities:

- An XML external entity (XXE) vulnerability exists due to an incorrectly configured XML parser accepting XML external entities from disabled admin accounts. A remote attacker with knowledge of these accounts could exploit this vulnerability via specially crafted XML data, to perform read/write operations. (CVE-2018-7063)

- A SQL injection (SQLi) vulnerability exists due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to gain access to 'appadmin' credentials, which could lead to complete system compromise. (CVE-2018-7065)

- A remote command execution vulnerability exists in devices linked via the OnConnect feature due to a defect in the API. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the linked devices (CVE-2018-7066)

- An authentication bypass vulnerability exists in the ClearPass administrative network interface's API. A remote unauthenticated attacker could exploit this vulnerability to bypass authentication, leading to complete compromise. (CVE-2018-7067)

- An authentication bypass vulnerability exists in ClearPass Guest administrative operations due to improper access controls.
A remote, authenticated attacker could exploit this vulnerability to view, modify or delete guest users, regardless of privilege level.
(CVE-2018-7079)

Note: Nessus is unable to check for the presence of applied hotfixes in this product. Consequently, customers running version 6.6.10.x will only be flagged for these vulnerabilities when scan accuracy is set to show potential false alarms.

Solution

Upgrade to version 6.6.10 and install vendor supplied hotfix, or upgrade to 6.7.6 or later.

See Also

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt

http://www.nessus.org/u?a675aa80

http://www.nessus.org/u?a6b29b9b

Plugin Details

Severity: Critical

ID: 139002

File Name: aruba_clearpass_polman_6_7_6.nasl

Version: 1.2

Type: local

Family: CGI abuses

Published: 7/28/2020

Updated: 7/29/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-7066

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:arubanetworks:clearpass

Required KB Items: Host/Aruba_Clearpass_Policy_Manager/version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/7/2018

Vulnerability Publication Date: 11/7/2018

Reference Information

CVE: CVE-2018-7063, CVE-2018-7065, CVE-2018-7066, CVE-2018-7067, CVE-2018-7079

BID: 106169

IAVA: 2018-A-0410-S