Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt | Mitigation Vendor Advisory |
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt | Mitigation Vendor Advisory |
Configurations
History
21 Nov 2024, 03:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-004.txt - Mitigation, Vendor Advisory |
Information
Published : 2018-08-06 20:29
Updated : 2024-11-21 03:35
NVD link : CVE-2017-9001
Mitre link : CVE-2017-9001
CVE.ORG link : CVE-2017-9001
JSON object : View
Products Affected
hp
- aruba_clearpass_policy_manager
CWE