漏洞标题
N/A
漏洞描述信息
Aruba ClearPass 6.6.3 后续包括一个名为 "SSH 锁定" 的功能,该功能使 ClearPass 通过 SSH 锁定存在过多登录失败的账户。当此功能启用时,存在一个未验证的远程命令执行漏洞,这可能导致未验证的用户在底层操作系统的 "root" 权限级别下执行任意命令。此漏洞仅在特定的功能被启用时存在。默认情况下,SSH 锁定功能不会启用,因此只有已启用此功能的系统存在此漏洞。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Aruba ClearPass 安全漏洞
漏洞描述信息
Aruba ClearPass是美国安移通网络(Aruba Networks)公司的一套集成了网络控制功能、应用和设备管理功能的接入管理系统。该系统可在单一位置管理与BYOD(自带设备)相关的各种事宜。 Aruba ClearPass 6.6.3及之后版本中存在安全漏洞。在SSH Lockout功能被打开时,攻击者可利用该漏洞在底层操作系统上以root权限执行任意命令。
CVSS信息
N/A
漏洞类别
授权问题