Vulnerability Details : CVE-2014-2593
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.
Products affected by CVE-2014-2593
- cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.3.0.60730:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2593
0.68%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2593
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
CWE ids for CVE-2014-2593
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2593
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95491
Aruba Networks ClearPass Policy Manager command execution CVE-2014-2593 Vulnerability Report
-
http://www.arubanetworks.com/support/alerts/aid-050214.asc
Nothing found for Support Alerts Aid 050214 Asc
-
http://www.securityfocus.com/bid/69391
Aruba Networks ClearPass Policy Manager CVE-2014-2593 Command Injection Vulnerability
-
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593
CVE-2014-2593 - Portcullis
-
http://osvdb.org/show/osvdb/109662
Jump to