← back
CVE-2020-7115

CVE-2020-7115

EPSS 64.6%
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
Affected products
n/a · ClearPass Policy Manager
public PoCs found3
githubgithub.com/Retr02332/CVE-2020-71152cve_referencepacketstormsecurity.com/files/158368/ClearPass-Policy-Manager-Unauthenticated-Remote-Command-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48661unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/158368/ClearPass-Policy-Manager-Unauthenticated-Remote-Command-Execution.htmlhttps://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt