ByteOS Network

NVD Vulnerability Details :

CVE-2014-2071

Analyzed

Source-cve@mitre.org

Published At-08 Jan, 2018 | 19:29

Updated At-31 Jan, 2018 | 15:15

Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.1	HIGH	CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.9	MEDIUM	AV:A/AC:M/Au:S/C:P/I:P/A:P

CPE Matches

Aruba Networks

>>clearpass>>Versions from 6.1(inclusive) to 6.1.4(inclusive)

cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*

Aruba Networks

>>clearpass>>Versions from 6.2(inclusive) to 6.2.5.61640(exclusive)

cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*

Aruba Networks

>>clearpass>>Versions from 6.3(inclusive) to 6.3.0.61712(exclusive)

cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*

Aruba Networks

>>clearpass>>Versions from 6.1(inclusive) to 6.1.4(inclusive)

cpe:2.3:a:arubanetworks:clearpass:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.arubanetworks.com/assets/alert/aid-050214.asc	cve@mitre.org	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History