ID

VAR-201708-0345


CVE

CVE-2015-3653


TITLE

Aruba Networks ClearPass Policy Manager Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007788

DESCRIPTION

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. Aruba Networks ClearPass Policy Manager contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The vulnerability exists in Aruba Networks CPPM versions prior to 6.4.7 and in 6.5.x versions prior to 6.5.2. A remote attacker could exploit this vulnerability to overwrite any file in the underlying operating system, causing a denial of service or gaining access. Remote attackers can exploit this issue to gain elevated privileges. Failed exploits may result in denial-of-service conditions.

Trust: 2.43

sources: NVD: CVE-2015-3653 // JVNDB: JVNDB-2015-007788 // CNVD: CNVD-2017-26328 // BID: 100593

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-26328

AFFECTED PRODUCTS

vendor: arubanetworks // model: clearpass // scope: eq // version: 6.5.1

Trust: 1.6

vendor: arubanetworks // model: clearpass // scope: eq // version: 6.5

Trust: 1.6

vendor: arubanetworks // model: clearpass // scope: lte // version: 6.4.6

Trust: 1.0

vendor: aruba // model: clearpass policy manager // scope: eq // version: 6.5.2

Trust: 0.8

vendor: aruba // model: clearpass policy manager // scope: lt // version: 6.5.x

Trust: 0.8

vendor: aruba // model: networks clearpass policy manager // scope: lt // version: 6.4.7

Trust: 0.6

vendor: aruba // model: networks clearpass policy manager // scope: eq // version: 6.5.*<6.5.2

Trust: 0.6

vendor: arubanetworks // model: clearpass // scope: eq // version: 6.4.6

Trust: 0.6

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.5.1

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.5

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.4.6

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.4.5

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.4.2

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.4.1

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.4

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.3.6

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.3.5

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.2.6

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.2

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.1

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.4.4

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.4.3

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: eq // version: 6.0

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: ne // version: 6.5.2

Trust: 0.3

vendor: arubanetworks // model: clearpass policy manager // scope: ne // version: 6.4.7

Trust: 0.3

sources: CNVD: CNVD-2017-26328 // BID: 100593 // JVNDB: JVNDB-2015-007788 // CNNVD: CNNVD-201708-1342 // NVD: CVE-2015-3653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3653
value: HIGH

Trust: 1.0

NVD: CVE-2015-3653
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-26328
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1342
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2015-3653
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-26328
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-3653
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-26328 // JVNDB: JVNDB-2015-007788 // CNNVD: CNNVD-201708-1342 // NVD: CVE-2015-3653

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.8

sources: JVNDB: JVNDB-2015-007788 // NVD: CVE-2015-3653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1342

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1342

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007788

PATCH

title: ARUBA-PSA-2015-009 // url: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt

Trust: 0.8

title: Aruba Networks ClearPass Policy Manager patch for arbitrary file write vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/102027

Trust: 0.6

title: Aruba Networks ClearPass Policy Manager Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74479

Trust: 0.6

sources: CNVD: CNVD-2017-26328 // JVNDB: JVNDB-2015-007788 // CNNVD: CNNVD-201708-1342

EXTERNAL IDS

db: NVD // id: CVE-2015-3653

Trust: 3.3

db: BID // id: 100593

Trust: 1.9

db: JVNDB // id: JVNDB-2015-007788

Trust: 0.8

db: CNVD // id: CNVD-2017-26328

Trust: 0.6

db: CNNVD // id: CNNVD-201708-1342

Trust: 0.6

sources: CNVD: CNVD-2017-26328 // BID: 100593 // JVNDB: JVNDB-2015-007788 // CNNVD: CNNVD-201708-1342 // NVD: CVE-2015-3653

REFERENCES

url:http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt

Trust: 2.5

url:http://www.securityfocus.com/bid/100593

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3653

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3653

Trust: 0.8

url:http://www.arubanetworks.com/

Trust: 0.3

sources: CNVD: CNVD-2017-26328 // BID: 100593 // JVNDB: JVNDB-2015-007788 // CNNVD: CNNVD-201708-1342 // NVD: CVE-2015-3653

CREDITS

Unknown.

Trust: 0.3

sources: BID: 100593

SOURCES

db: CNVD // id: CNVD-2017-26328
db: BID // id: 100593
db: JVNDB // id: JVNDB-2015-007788
db: CNNVD // id: CNNVD-201708-1342
db: NVD // id: CVE-2015-3653

LAST UPDATE DATE

2025-04-20T23:22:15.100000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-26328 // date: 2017-09-12T00:00:00
db: BID // id: 100593 // date: 2017-08-29T00:00:00
db: JVNDB // id: JVNDB-2015-007788 // date: 2017-09-20T00:00:00
db: CNNVD // id: CNNVD-201708-1342 // date: 2017-09-05T00:00:00
db: NVD // id: CVE-2015-3653 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2017-26328 // date: 2017-09-12T00:00:00
db: BID // id: 100593 // date: 2017-08-29T00:00:00
db: JVNDB // id: JVNDB-2015-007788 // date: 2017-09-20T00:00:00
db: CNNVD // id: CNNVD-201708-1342 // date: 2017-08-29T00:00:00
db: NVD // id: CVE-2015-3653 // date: 2017-08-29T15:29:00.190