HPE-owned network access solutions provider Aruba informed customers last week that the company’s ClearPass Policy Manager access policy platform is affected by several vulnerabilities.
The most serious of the flaws, based on its CVSS score, is a high severity unauthenticated remote code execution vulnerability tracked as CVE-2017-5824. Another high severity issue is an information disclosure bug (CVE-2017-5647) affecting Apache Tomcat.
The other security holes, classified as medium and low severity, include authenticated remote code execution (CVE-2017-5826), reflected XSS (CVE-2017-5827), privilege escalation (CVE-2017-5825), arbitrary command execution via XXE (CVE-2017-5828), and access restriction bypass issues (CVE-2017-5829).
The vulnerabilities affect all ClearPass Policy Manager versions prior to 6.6.5. Users have been advised to update the product to version 6.6.5 and apply an additional hotfix made available on May 24.
A majority of these vulnerabilities were reported by Luke Young and V. Harishkumar through the company’s Bugcrowd-powered private bug bounty program. The XSS flaw was reported by Phil Purviance of Bishop Fox.
Aruba has been running a private bug bounty program since October 2014 and by the end of 2016 it had already received more than 500 vulnerability reports from 67 researchers. The company has offered up to $1,500 per bug.
In addition to the advisory describing ClearPass Policy Manager flaws, Aruba informed customers last week of a high severity remote code execution vulnerability affecting Airwave Software Glass versions 1.0.0 and 1.0.1. The weakness, tracked as CVE-2017-8946, has been addressed in version 1.0.1-1.