ClearPass Policy Manager Web UI RCE via Command Injection
CVE-2023-43510 Published on October 25, 2023
Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.
Vulnerability Analysis
CVE-2023-43510 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Products Associated with CVE-2023-43510
Want to know whenever a new CVE is published for Aruba Networks Clearpass Policy Manager? stack.watch will email you.
Affected Versions
Hewlett Packard Enterprise (HPE) Aruba ClearPass Policy Manager:- Version ClearPass Policy Manager 6.11.x: 6.11.4 and below, <= <=6.11.4 is affected.
- Version ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below is affected.
- Version ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.