CVE-2013-2269
Published Oct 1, 2013
Last updated 11 years ago
Overview
- Description
- The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF7324FA-8041-4C79-B630-5912E0AC6880"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD0B9F17-CC52-497E-B492-73DFBF6203C0"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "584703D0-5E85-4BDA-A670-6BECF3A71BB7"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FFFA1B8-1B2B-4DE1-8469-FFEDC9ECF34C"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:6.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D10617AC-F939-4CA1-AD63-C192125F2EE5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass_guest:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02DD38EA-5872-4299-9F9E-7663B065674F"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass_guest:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A367CD87-85E5-4E0F-BB8B-D8D0BB3A7B4A"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass_guest:3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CB3CC6C-14F7-49E1-AB25-D4F99529E385"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass_guest:3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EA0795D-F4E9-4661-83E5-8F3D6453E529"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass_guest:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B38F1698-F799-4AF6-A0FA-14F838E4E5FE"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass_guest:3.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9720517-8C32-49E2-8499-910DB9F3A719"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass_guest:3.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F9D035A-7AF8-4B4F-AB03-DBCD59E53C05"
}
],
"operator": "OR"
}
]
}
]