CVE-2023-25589: Critical flaw in Aruba ClearPass Policy Manager
Aruba Networks, a leading provider of networking solutions, has recently released updates to its ClearPass Policy Manager in response to multiple identified security vulnerabilities. These vulnerabilities affect various software versions of the ClearPass Policy Manager, with the potential to compromise system security and user privacy.
The identified vulnerabilities affect ClearPass Policy Manager running the following software versions:
- ClearPass Policy Manager 6.11.x: 6.11.1 and below
- ClearPass Policy Manager 6.10.x: 6.10.8 and below
- ClearPass Policy Manager 6.9.x: 6.9.13 and below
Details of Vulnerabilities
- Unauthenticated Arbitrary User Creation Leads to Complete System Compromise (CVE-2023-25589): A critical (CVSS3 score of 9.8) vulnerability in the web-based management interface of ClearPass Policy Manager allows an unauthenticated remote attacker to create arbitrary users on the platform, potentially leading to a total cluster compromise. The CVE-2023-25589 flaw is caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to create arbitrary users on the platform.
- Local Privilege Escalation in ClearPass OnGuard Linux Agent (CVE-2023-25590): A high-severity (CVSS3 score of 7.8) vulnerability in the ClearPass OnGuard Linux agent allows malicious users on a Linux instance to elevate their user privileges, enabling them to execute arbitrary code with root-level privileges.
- Authenticated Information Disclosure in ClearPass Policy Manager Web-Based Management Interface (CVE-2023-25591): A high-severity (CVSS3 score of 7.6) vulnerability in the web-based management interface of ClearPass Policy Manager permits a remote attacker with low privileges to access sensitive information, potentially leading to further privilege escalation.
- Reflected Cross-Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface (CVE-2023-25592, CVE-2023-25593): High-severity (CVSS3 score of 7.1) vulnerabilities within the web-based management interface of ClearPass Policy Manager enable a remote attacker to conduct reflected cross-site scripting (XSS) attacks against users of the interface, allowing the execution of arbitrary script code in a victim’s browser.
- Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface (CVE-2023-25594): A medium-severity (CVSS3 score of 6.3) vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform state-changing actions that should be restricted based on their current level of authorization.
- Sensitive Information Disclosure in ClearPass OnGuard Ubuntu Agent (CVE-2023-25595): A medium-severity (CVSS3 score of 5.5) vulnerability in the ClearPass OnGuard Ubuntu agent enables an attacker with local Ubuntu instance access to obtain sensitive information.
- Authenticated Sensitive Information Disclosure in ClearPass Policy Manager (CVE-2023-25596): A medium-severity (CVSS3 score of 4.5) vulnerability in ClearPass Policy Manager allows an attacker with administrative privileges to access sensitive information in a cleartext format, potentially leading to further network access.
Resolution and Workarounds
Aruba has addressed these vulnerabilities by releasing software updates for affected ClearPass Policy Manager versions. Users are advised to upgrade their ClearPass Policy Manager to the appropriate version to resolve all identified issues. As a workaround, Aruba recommends restricting access to the CLI and web-based management interfaces for ClearPass Policy Manager using dedicated layer 2 segments/VLANs or controlled by firewall policies at layer 3 and above.
Aruba states that it is unaware of any public discussion, exploit code, or active exploitation of these vulnerabilities as of the release date of the advisory, March 14, 2023.
Aruba provides a ClearPass Policy Manager Hardening Guide for users to improve the overall security posture of their ClearPass instances. The guide is available for ClearPass versions 6.11.x, 6.10.x, and 6.9.x.