HP company Aruba Networks has shipped patches covering 14 vulnerabilities in its ClearPath Policy Manager software.
The bugs affect patch versions 6.10.6 and below in the 6.10.x series, and 6.9.11 and below in the 6.9.x series.
Five of the vulnerabilities are in the class of authenticated SQL injection bugs in the product’s Web-based management interface.
CVE-2022-23692, CVE-2022-23693, CVE-2022-23694, CVE-2022-23695, and CVE-2022-23696 would allow an authenticated remote attacker to “obtain and modify sensitive information in the underlying database”, the advisory stated, “potentially leading to complete compromise of the ClearPass Policy Manager cluster”.
Those vulnerabilities are rated high severity and were reported to the company’s bug bounty by Luke Young, working with Daniel Jensen.
Also high severity is CVE-2022-23685, which exposes endpoints to a lack of cross-site request forgery (CSRF) protection.
A remote, unauthenticated attacker to execute input against the endpoints, “if the attacker can convince an authenticated user of the interface” to click on a crafted URL.
The ClearPass OnGuard agency for macOS is subject to CVE-2022-37877, a privilege escalation allowing users on a macOS instance to execute arbitrary code as root.
It was also the work of Luke Young and is rated high.
Daniel Jensen had a hand in a collection of six high-rated remote command injection bugs in the web management interface: CVE-2022-37878, CVE-2022-37879, CVE-2022-37880, CVE-2022-37881, CVE-2022-37882, and CVE-2022-37883.
Remote authenticated users can run commands on the underlying host as root, leading to “complete system compromise”.
He also reported a medium rated denial-of-service condition, CVE-2022-37884.
At the time of writing, no further information on the vulnerabilities had been made public.
The bugs are fixed in ClearPass Policy Manager 6.10.7 and above, and 6.9.12 and above.
The company also recommends the CLI and Web-based management interface are restricted to dedicated layer 2 segments, VLANs, or firewalls.