CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-37877
https://notcve.org/view.php?id=CVE-2022-37877
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. Una vulnerabilidad en el agente de ClearPass OnGuard para macOS podría permitir a usuarios maliciosos en una instancia de macOS elevar sus privilegios de usuario. Una explotación con éxito podría permitir a estos usuarios ejecutar código arbitrario privilegiado de nivel root en la instancia de macOS en Aruba ClearPass Policy Manager versión(es): 6.10.x: 6.10.6 y anteriores; 6.9.x: 6.9.11 y anteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37880
https://notcve.org/view.php?id=CVE-2022-37880
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. Unas vulnerabilidades en la interfaz de administración basada en web de ClearPass Policy Manager permiten a usuarios remotos autenticados ejecutar comandos arbitrarios en el host subyacente. Una explotación con éxito podría permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, conllevando a un compromiso completo del sistema en Aruba ClearPass Policy Manager versión(es): 6.10.x: 6.10.6 y anteriores; 6.9.x: 6.9.11 y anteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37878
https://notcve.org/view.php?id=CVE-2022-37878
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. Unas vulnerabilidades en la interfaz de administración basada en web de ClearPass Policy Manager permiten a usuarios remotos autenticados ejecutar comandos arbitrarios en el host subyacente. Una explotación con éxito podría permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, conllevando a un compromiso completo del sistema en Aruba ClearPass Policy Manager versión(es): 6.10.x: 6.10.6 y anteriores; 6.9.x: 6.9.11 y anteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37879
https://notcve.org/view.php?id=CVE-2022-37879
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. Unas vulnerabilidades en la interfaz de administración basada en la web de ClearPass Policy Manager permiten a usuarios remotos autenticados ejecutar comandos arbitrarios en el host subyacente. Una explotación con éxito podría permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, lo que conllevaría a un compromiso completo del sistema en Aruba ClearPass Policy Manager versión(es): 6.10.x: 6.10.6 y anteriores; 6.9.x: 6.9.11 y anteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37884
https://notcve.org/view.php?id=CVE-2022-37884
A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the guest interface in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. Se presenta una vulnerabilidad en la Interfaz de Usuario de ClearPass Policy Manager Guest que puede permitir a un atacante no autenticado enviar operaciones específicas que resulten en una condición de denegación de servicio. Una explotación con éxito de esta vulnerabilidad resulta en la indisponibilidad de la interfaz de invitado en Aruba ClearPass Policy Manager versión(es): 6.10.x: 6.10.6 y anteriores; 6.9.x: 6.9.11 y anteriores. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt •