Reflections on the PoC – Aruba ClearPass Policy Manager multiple vulnerabilities (13th Jul 2020)

Preface: WiFi began as a means of access for small groups and has since extended into enterprise infrastructure. Its footprint can now be found even in IoT 4.0 and industrial systems, especially ICS and IACS.

Background: Aruba’s ClearPass Policy Manager, part of the Aruba 360 Secure Fabric, provides role- and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors and guests across any multivendor wired, wireless and VPN infrastructure.

About the subject: The official announcement was released on 2nd June 2020 – https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt

However, the details of the PoC were released only 2 days ago. The PoC shows that it requires the C preprocessor generic programming interface defined in unistd[.]h. In addition, it requires using a compiler and re-engineering the payload library.
Most importantly, using the PoC code successfully requires user authentication. However, if the system administrator has not patched CVE-2018-7076 in the past, attackers benefit: the vulnerabilities discovered in June 2020 become easy to exploit.
