ID

VAR-201708-0349


CVE

CVE-2015-3657


TITLE

Aruba Networks ClearPass Policy Manager Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007792

DESCRIPTION

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. Aruba Networks ClearPass Policy Manager Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to gain super administrator privileges

Trust: 2.43

sources: NVD: CVE-2015-3657 // JVNDB: JVNDB-2015-007792 // CNVD: CNVD-2017-26318 // BID: 100600

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-26318

AFFECTED PRODUCTS

vendor:arubanetworksmodel:clearpassscope:eqversion:6.5.1

Trust: 1.6

vendor:arubanetworksmodel:clearpassscope:eqversion:6.5

Trust: 1.6

vendor:arubanetworksmodel:clearpassscope:lteversion:6.4.6

Trust: 1.0

vendor:arubamodel:clearpass policy managerscope:eqversion:6.5.2

Trust: 0.8

vendor:arubamodel:clearpass policy managerscope:ltversion:6.5.x

Trust: 0.8

vendor:arubamodel:networks clearpass policy managerscope:ltversion:6.4.7

Trust: 0.6

vendor:arubamodel:networks clearpass policy managerscope:eqversion:6.5.*<6.5.2

Trust: 0.6

vendor:arubanetworksmodel:clearpassscope:eqversion:6.4.6

Trust: 0.6

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.5.1

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.5

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.4.6

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.4.5

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.4.2

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.4.1

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.4

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.3.6

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.3.5

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.2.6

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.2

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.1

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.4.4

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.4.3

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:eqversion:6.0

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:neversion:6.5.2

Trust: 0.3

vendor:arubanetworksmodel:clearpass policy managerscope:neversion:6.4.7

Trust: 0.3

sources: CNVD: CNVD-2017-26318 // BID: 100600 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338 // NVD: CVE-2015-3657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3657
value: HIGH

Trust: 1.0

NVD: CVE-2015-3657
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-26318
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-1338
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2015-3657
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-26318
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-3657
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-26318 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338 // NVD: CVE-2015-3657

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.8

sources: JVNDB: JVNDB-2015-007792 // NVD: CVE-2015-3657

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1338

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1338

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007792

PATCH

title:ARUBA-PSA-2015-009url:http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt

Trust: 0.8

title:Patch for ArubaNetworksClearPassPolicyManager Privilege Escalation Vulnerability (CNVD-2017-26318)url:https://www.cnvd.org.cn/patchInfo/show/102001

Trust: 0.6

title:Aruba Networks ClearPass Policy Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74475

Trust: 0.6

sources: CNVD: CNVD-2017-26318 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338

EXTERNAL IDS

db:NVDid:CVE-2015-3657

Trust: 3.3

db:BIDid:100600

Trust: 1.9

db:JVNDBid:JVNDB-2015-007792

Trust: 0.8

db:CNVDid:CNVD-2017-26318

Trust: 0.6

db:CNNVDid:CNNVD-201708-1338

Trust: 0.6

sources: CNVD: CNVD-2017-26318 // BID: 100600 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338 // NVD: CVE-2015-3657

REFERENCES

url:http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt

Trust: 2.5

url:http://www.securityfocus.com/bid/100600

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3657

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-3657

Trust: 0.8

url:http://www.arubanetworks.com/

Trust: 0.3

url:http://www.arubanetworks.com/products/clearpass/

Trust: 0.3

sources: CNVD: CNVD-2017-26318 // BID: 100600 // JVNDB: JVNDB-2015-007792 // CNNVD: CNNVD-201708-1338 // NVD: CVE-2015-3657

CREDITS

Unknown

Trust: 0.3

sources: BID: 100600

SOURCES

db:CNVDid:CNVD-2017-26318
db:BIDid:100600
db:JVNDBid:JVNDB-2015-007792
db:CNNVDid:CNNVD-201708-1338
db:NVDid:CVE-2015-3657

LAST UPDATE DATE

2025-04-20T23:35:47.771000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-26318date:2017-09-12T00:00:00
db:BIDid:100600date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2015-007792date:2017-09-20T00:00:00
db:CNNVDid:CNNVD-201708-1338date:2017-09-05T00:00:00
db:NVDid:CVE-2015-3657date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-26318date:2017-09-12T00:00:00
db:BIDid:100600date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2015-007792date:2017-09-20T00:00:00
db:CNNVDid:CNNVD-201708-1338date:2017-08-29T00:00:00
db:NVDid:CVE-2015-3657date:2017-08-29T15:29:00.330