Details of VAR-201708-0349

ID

VAR-201708-0349

CVE

CVE-2015-3657

TITLE

Aruba Networks ClearPass Policy Manager Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007792

DESCRIPTION

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. Aruba Networks ClearPass Policy Manager Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to gain super administrator privileges

Trust: 2.43

sources: NVD: CVE-2015-3657 // JVNDB: JVNDB-2015-007792 // CNVD: CNVD-2017-26318 // BID: 100600

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-26318

AFFECTED PRODUCTS

vendor:	arubanetworks	model:	clearpass	scope:	eq	version:	6.5.1	Trust: 1.6
vendor:	arubanetworks	model:	clearpass	scope:	eq	version:	6.5	Trust: 1.6
vendor:	arubanetworks	model:	clearpass	scope:	lte	version:	6.4.6	Trust: 1.0
vendor:	aruba	model:	clearpass policy manager	scope:	eq	version:	6.5.2	Trust: 0.8
vendor:	aruba	model:	clearpass policy manager	scope:	lt	version:	6.5.x	Trust: 0.8
vendor:	aruba	model:	networks clearpass policy manager	scope:	lt	version:	6.4.7	Trust: 0.6
vendor:	aruba	model:	networks clearpass policy manager	scope:	eq	version:	6.5.*<6.5.2	Trust: 0.6
vendor:	arubanetworks	model:	clearpass	scope:	eq	version:	6.4.6	Trust: 0.6
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.5	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.4.6	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.4.5	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.4.2	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.4.1	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.4	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.3.6	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.3.5	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.2	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.1	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.4.4	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.4.3	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	eq	version:	6.0	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	ne	version:	6.5.2	Trust: 0.3
vendor:	arubanetworks	model:	clearpass policy manager	scope:	ne	version:	6.4.7	Trust: 0.3

sources: CNVD: CNVD-2017-26318 // BID: 100600 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338 // NVD: CVE-2015-3657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3657
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3657
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-26318
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-1338
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2015-3657
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-26318
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2015-3657
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-26318 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338 // NVD: CVE-2015-3657

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.8

sources: JVNDB: JVNDB-2015-007792 // NVD: CVE-2015-3657

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1338

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1338

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007792

PATCH

title:	ARUBA-PSA-2015-009	url:	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt	Trust: 0.8
title:	Patch for ArubaNetworksClearPassPolicyManager Privilege Escalation Vulnerability (CNVD-2017-26318)	url:	https://www.cnvd.org.cn/patchInfo/show/102001	Trust: 0.6
title:	Aruba Networks ClearPass Policy Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74475	Trust: 0.6

sources: CNVD: CNVD-2017-26318 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3657	Trust: 3.3
db:	BID	id:	100600	Trust: 1.9
db:	JVNDB	id:	JVNDB-2015-007792	Trust: 0.8
db:	CNVD	id:	CNVD-2017-26318	Trust: 0.6
db:	CNNVD	id:	CNNVD-201708-1338	Trust: 0.6

sources: CNVD: CNVD-2017-26318 // BID: 100600 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338 // NVD: CVE-2015-3657

REFERENCES

url:	http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt	Trust: 2.5
url:	http://www.securityfocus.com/bid/100600	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3657	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3657	Trust: 0.8
url:	http://www.arubanetworks.com/	Trust: 0.3
url:	http://www.arubanetworks.com/products/clearpass/	Trust: 0.3

sources: CNVD: CNVD-2017-26318 // BID: 100600 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338 // NVD: CVE-2015-3657

CREDITS

Unknown

Trust: 0.3

sources: BID: 100600

SOURCES

db:	CNVD	id:	CNVD-2017-26318
db:	BID	id:	100600
db:	JVNDB	id:	JVNDB-2015-007792
db:	CNNVD	id:	CNNVD-201708-1338
db:	NVD	id:	CVE-2015-3657

LAST UPDATE DATE

2025-04-20T23:35:47.771000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-26318	date:	2017-09-12T00:00:00
db:	BID	id:	100600	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-007792	date:	2017-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201708-1338	date:	2017-09-05T00:00:00
db:	NVD	id:	CVE-2015-3657	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-26318	date:	2017-09-12T00:00:00
db:	BID	id:	100600	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-007792	date:	2017-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201708-1338	date:	2017-08-29T00:00:00
db:	NVD	id:	CVE-2015-3657	date:	2017-08-29T15:29:00.330