CVE-2016-4401 – Unauthenticated Database Credential Leak In Aruba ClearPass

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt

It is possible for an unauthenticated user with network access to a ClearPass server to expose database credentials.  
This vulnerability leads to complete system compromise.

Severity: CRITICAL
CVSSv3 Overall Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Discovery: This vulnerability was discovered by [email protected] and reported through the BugCrowd managed bug bounty program.

FIX: Fixed in 6.5.7 and 6.6.2

Bounty: $1,500
