CVE-2024-51771

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arubanetworks:clearpass_policy_manager::::::::
	cpe:2.3:a:arubanetworks:clearpass_policy_manager::::::::

History

07 Apr 2025, 15:02

Type	Values Removed	Values Added
References	~~() https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US -~~	() https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US - Vendor Advisory
First Time		Arubanetworks Arubanetworks clearpass Policy Manager
Summary		(es) Una vulnerabilidad en la interfaz de administración basada en web de ClearPass Policy Manager de HPE Aruba Networking podría permitir que un actor de amenazas remoto autenticado realice un ataque de ejecución de código remoto. Una explotación exitosa podría permitir que el atacante ejecute comandos arbitrarios en el sistema operativo subyacente.
CPE		cpe:2.3:a:arubanetworks:clearpass_policy_manager::::::::

03 Dec 2024, 22:15

Type	Values Removed	Values Added
CWE		CWE-77

03 Dec 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-03 20:15

Updated : 2025-04-07 15:02

NVD link : CVE-2024-51771

Mitre link : CVE-2024-51771

CVE.ORG link : CVE-2024-51771

JSON object : View

Products Affected

arubanetworks

clearpass_policy_manager

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2024-51771", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-12-03T20:15:15.477", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de ClearPass Policy Manager de HPE Aruba Networking podr\u00eda permitir que un actor de amenazas remoto autenticado realice un ataque de ejecuci\u00f3n de c\u00f3digo remoto. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante ejecute comandos arbitrarios en el sistema operativo subyacente."}], "lastModified": "2025-04-07T15:02:08.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2788E2CB-BCF1-4FAB-BB44-9C82649C6C00", "versionEndExcluding": "6.11.10", "versionStartIncluding": "6.11.0"}, {"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E297B74-2DC0-4EDA-B114-37A0257059FF", "versionEndExcluding": "6.12.3", "versionStartIncluding": "6.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}