ID
VAR-201708-0345
CVE
CVE-2015-3653
TITLE
Aruba Networks ClearPass Policy Manager Access control vulnerability
Trust: 0.8
DESCRIPTION
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. Aruba Networks ClearPass Policy Manager Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to overwrite any file in the underlying operating system, causing a denial of service or gaining access. Remote attackers can exploit this issue to gain elevated privileges. Failed exploits may result in denial-of-service conditions
Trust: 2.43
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | arubanetworks | model: | clearpass | scope: | eq | version: | 6.5.1 | Trust: 1.6 |
| vendor: | arubanetworks | model: | clearpass | scope: | eq | version: | 6.5 | Trust: 1.6 |
| vendor: | arubanetworks | model: | clearpass | scope: | lte | version: | 6.4.6 | Trust: 1.0 |
| vendor: | aruba | model: | clearpass policy manager | scope: | eq | version: | 6.5.2 | Trust: 0.8 |
| vendor: | aruba | model: | clearpass policy manager | scope: | lt | version: | 6.5.x | Trust: 0.8 |
| vendor: | aruba | model: | networks clearpass policy manager | scope: | lt | version: | 6.4.7 | Trust: 0.6 |
| vendor: | aruba | model: | networks clearpass policy manager | scope: | eq | version: | 6.5.*<6.5.2 | Trust: 0.6 |
| vendor: | arubanetworks | model: | clearpass | scope: | eq | version: | 6.4.6 | Trust: 0.6 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.5.1 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.5 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.4.6 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.4.5 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.4.2 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.4.1 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.4 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.3.6 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.3.5 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.2.6 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.2 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.1 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.4.4 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.4.3 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | ne | version: | 6.5.2 | Trust: 0.3 |
| vendor: | arubanetworks | model: | clearpass policy manager | scope: | ne | version: | 6.4.7 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-284 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
lack of information
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | ARUBA-PSA-2015-009 | url: | http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt | Trust: 0.8 |
| title: | ArubaNetworksClearPassPolicyManager patch for arbitrary file write vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/102027 | Trust: 0.6 |
| title: | Aruba Networks ClearPass Policy Manager Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74479 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-3653 | Trust: 3.3 |
| db: | BID | id: | 100593 | Trust: 1.9 |
| db: | JVNDB | id: | JVNDB-2015-007788 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2017-26328 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201708-1342 | Trust: 0.6 |
REFERENCES
| url: | http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt | Trust: 2.5 |
| url: | http://www.securityfocus.com/bid/100593 | Trust: 1.6 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3653 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2015-3653 | Trust: 0.8 |
| url: | http://www.arubanetworks.com/ | Trust: 0.3 |
CREDITS
Unknown.
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2017-26328 |
| db: | BID | id: | 100593 |
| db: | JVNDB | id: | JVNDB-2015-007788 |
| db: | CNNVD | id: | CNNVD-201708-1342 |
| db: | NVD | id: | CVE-2015-3653 |
LAST UPDATE DATE
2025-04-20T23:22:15.100000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-26328 | date: | 2017-09-12T00:00:00 |
| db: | BID | id: | 100593 | date: | 2017-08-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-007788 | date: | 2017-09-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201708-1342 | date: | 2017-09-05T00:00:00 |
| db: | NVD | id: | CVE-2015-3653 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-26328 | date: | 2017-09-12T00:00:00 |
| db: | BID | id: | 100593 | date: | 2017-08-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-007788 | date: | 2017-09-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201708-1342 | date: | 2017-08-29T00:00:00 |
| db: | NVD | id: | CVE-2015-3653 | date: | 2017-08-29T15:29:00.190 |