CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45618
https://notcve.org/view.php?id=CVE-2023-45618
14 Nov 2023 — There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. Existen vulnerabilidades de eliminación arbitraria de archivos en AirWave Client Service al que accede PAPI (el protocolo de gesti... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45617
https://notcve.org/view.php?id=CVE-2023-45617
14 Nov 2023 — There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. Existen vulnerabilidades de eliminación de archivos arbitrarios en CLI Service al que accede PAPI (el protocolo de administración de puntos d... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45616
https://notcve.org/view.php?id=CVE-2023-45616
14 Nov 2023 — There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. Existe una vulnerabilidad de desbordamiento del búfer en AirWave Client Service subyacente que podría c... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45615
https://notcve.org/view.php?id=CVE-2023-45615
14 Nov 2023 — There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Existen vulnerabilidades de desbordamiento del búfer en CLI Service subyacente que podrían provocar la ejecució... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-45614
https://notcve.org/view.php?id=CVE-2023-45614
14 Nov 2023 — There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Existen vulnerabilidades de desbordamiento del búfer en CLI Service subyacente que podrían provocar la ejecució... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-43510 – Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise
https://notcve.org/view.php?id=CVE-2023-43510
24 Oct 2023 — A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. Una vulnerabilidad en la interfaz de administración basada en web de ClearPass Policy Manager permite a usuarios remotos autenticados ejecutar comandos arbitrarios en el host s... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-43509 – Unauthenticated Endpoint Allows Sending Arbitrary OnGuard Notifications
https://notcve.org/view.php?id=CVE-2023-43509
24 Oct 2023 — A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software. Una vulnerabilidad en la interfaz de administración basada en web de ClearPass Policy Manager podría permitir que un atacante remoto no autenticado envíe notificaciones a ordenadores que ejecutan ClearPass OnG... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-43508 – Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface
https://notcve.org/view.php?id=CVE-2023-43508
24 Oct 2023 — Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allow an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform. Las vulnerabilidades en la interfaz de administración basada en web de ClearPas... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-43507 – Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface
https://notcve.org/view.php?id=CVE-2023-43507
24 Oct 2023 — A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. Una vulnerabilidad en la interfaz de administración basada en web de ClearPass Policy Manager podría permi... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-43506 – Local Privilege Escalation in ClearPass OnGuard Linux Agent
https://notcve.org/view.php?id=CVE-2023-43506
24 Oct 2023 — A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. Una vulnerabilidad en el agente de Linux ClearPass OnGuard podría permitir a usuarios malintencionados elevar sus privilegios de usuario a aquellos de una función superior. Un exploit exitoso permite a usuarios malintencionados eje... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt • CWE-269: Improper Privilege Management •