ByteOS Network

Vulnerability Details :

CVE-2014-2593

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-29 Aug, 2014 | 14:00

Updated At-06 Aug, 2024 | 10:21

The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:29 Aug, 2014 | 14:00

Updated At:06 Aug, 2024 | 10:21

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://osvdb.org/show/osvdb/109662	vdb-entry x_refsource_OSVDB
http://www.arubanetworks.com/support/alerts/aid-050214.asc	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/95491	vdb-entry x_refsource_XF
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593	x_refsource_MISC
http://www.securityfocus.com/bid/69391	vdb-entry x_refsource_BID

Hyperlink: http://osvdb.org/show/osvdb/109662

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://www.arubanetworks.com/support/alerts/aid-050214.asc

Resource:

x_refsource_CONFIRM

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95491

Resource:

vdb-entry

x_refsource_XF

Hyperlink: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593

Resource:

x_refsource_MISC

Hyperlink: http://www.securityfocus.com/bid/69391

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://osvdb.org/show/osvdb/109662	vdb-entry x_refsource_OSVDB x_transferred
http://www.arubanetworks.com/support/alerts/aid-050214.asc	x_refsource_CONFIRM x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/95491	vdb-entry x_refsource_XF x_transferred
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593	x_refsource_MISC x_transferred
http://www.securityfocus.com/bid/69391	vdb-entry x_refsource_BID x_transferred

Hyperlink: http://osvdb.org/show/osvdb/109662

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://www.arubanetworks.com/support/alerts/aid-050214.asc

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95491

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.securityfocus.com/bid/69391

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:29 Aug, 2014 | 13:55

Updated At:12 Apr, 2025 | 10:46

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 9.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:S/C:C/I:C/A:C

CPE Matches

Aruba Networks

>>clearpass_policy_manager>>6.3.0.60730

cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.3.0.60730:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

Evaluator Description

Per: http://osvdb.org/show/osvdb/109662 "Aruba Networks ClearPass Policy Manager contains a flaw in the Management console. The issue is triggered when parsing commands. With a specially crafted command, an authenticated remote attacker can execute arbitrary commands with root privileges."

References

Hyperlink	Source	Resource
http://osvdb.org/show/osvdb/109662	cve@mitre.org	N/A
http://www.arubanetworks.com/support/alerts/aid-050214.asc	cve@mitre.org	N/A
http://www.securityfocus.com/bid/69391	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/95491	cve@mitre.org	N/A
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593	cve@mitre.org	N/A
http://osvdb.org/show/osvdb/109662	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.arubanetworks.com/support/alerts/aid-050214.asc	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/69391	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/95491	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://osvdb.org/show/osvdb/109662

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.arubanetworks.com/support/alerts/aid-050214.asc

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/69391

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95491

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://osvdb.org/show/osvdb/109662

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.arubanetworks.com/support/alerts/aid-050214.asc

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/69391

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95491

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2593

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

60Records found

CVE-2022-23664

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-9.1||CRITICAL

EPSS-2.39% / 84.72%

7 Day CHG~0.00%

Published-16 May, 2022 | 19:37

Updated-03 Aug, 2024 | 03:51

A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-23673

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-7.2||HIGH

EPSS-3.87% / 87.98%

7 Day CHG~0.00%

Published-17 May, 2022 | 17:57

Updated-03 Aug, 2024 | 03:51

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-23662

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-9.1||CRITICAL

EPSS-2.39% / 84.72%

7 Day CHG~0.00%

Published-16 May, 2022 | 19:32

Updated-03 Aug, 2024 | 03:51

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-23672

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-7.2||HIGH

EPSS-3.87% / 87.98%

7 Day CHG~0.00%

Published-17 May, 2022 | 17:52

Updated-03 Aug, 2024 | 03:51

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-37719

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-7.2||HIGH

EPSS-3.63% / 87.57%

7 Day CHG~0.00%

Published-07 Sep, 2021 | 12:06

Updated-04 Aug, 2024 | 01:23

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Vendor-n/a Aruba Networks

Product-arubaos sd-wan Aruba SD-WAN Software and Gateways; Aruba Operating System Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2021-37730

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-7.2||HIGH

EPSS-2.70% / 85.59%

7 Day CHG~0.00%

Published-12 Oct, 2021 | 14:07

Updated-04 Aug, 2024 | 01:30

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

Vendor-n/a Siemens AG Aruba Networks

Product-aruba_instant scalance_w1750d_firmware scalance_w1750d HPE Aruba Instant (IAP)

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-34610

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-7.2||HIGH

EPSS-3.29% / 86.94%

7 Day CHG~0.00%

Published-08 Jul, 2021 | 15:44

Updated-04 Aug, 2024 | 00:19

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-34611

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-7.2||HIGH

EPSS-2.45% / 84.92%

7 Day CHG~0.00%

Published-08 Jul, 2021 | 15:40

Updated-04 Aug, 2024 | 00:19

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2015-1550

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-9||HIGH

EPSS-0.76% / 72.92%

7 Day CHG~0.00%

Published-28 May, 2015 | 14:00

Updated-12 Apr, 2025 | 10:46

Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-40986

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-8

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-7.2||HIGH

EPSS-2.52% / 85.12%

7 Day CHG~0.00%

Published-15 Oct, 2021 | 13:35

Updated-04 Aug, 2024 | 02:59

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Vendor-n/a Aruba Networks

Product-clearpass_policy_manager Aruba ClearPass Policy Manager

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2014-2593

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs