Overview
- Description
- Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A6BF287-CD0F-4211-949D-4E55563C57F9",
"versionEndIncluding": "6.3.4"
},
{
"criteria": "cpe:2.3:a:arubanetworks:clearpass:6.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7326654-1579-4464-A7FE-A3982483B104"
}
],
"operator": "OR"
}
]
}
]