N/A

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix.

N/A

N/A

Aruba ClearPass Policy Manager SQL注入漏洞

Aruba ClearPass是美国安移通网络（Aruba Networks）公司的一套集成了网络控制功能、应用和设备管理功能的接入管理系统。该系统可在单一位置管理与BYOD(自带设备)相关的各种事宜。Policy Manager是其中的一个策略管理器。 Aruba ClearPass 6.7.6之前的6.7.x版本和6.6.10及之前版本（没有使用hotfix）中的Policy Manager存在SQL注入漏洞。远程攻击者可利用该漏洞获取‘appadmin’凭证。

N/A

N/A