Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2020-005
CVE: CVE-2020-7115, CVE-2020-7116, CVE-2020-7117

Title
=====
ClearPass Policy Manager Multiple Vulnerabilities

Overview
========
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.

Affected Products
=================
ClearPass 6.9.x prior to 6.9.1
ClearPass 6.8.x prior to 6.8.5-HF
ClearPass 6.7.x prior to 6.7.13-HF

Details
=======

Unauthenticated Remote Command Execution in the Web Interface (CVE-2020-7115)
---------------------------------------------------------------------
A vulnerability in the ClearPass Policy Manager web interface could allow an authentication bypass. Once the bypass succeeds, an attacker could then exploit a further vulnerability that allows remote command execution on the underlying operating system.

Internal Reference: ATLCP-99
Severity: High
CVSSv3 Overall Score: 8.1
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and above

Authenticated Remote Command Execution (CVE-2020-7116, CVE-2020-7117)
---------------------------------------------------------------------
The ClearPass Policy Manager WebUI administrative interface is affected by two vulnerabilities in two different functions of the application. Once an attacker has authenticated to the administrative interface, they could exploit either to execute remote commands on the underlying operating system.

Internal Reference: ATLCP-101, ATLCP-93

CVE-2020-7116
Severity: High
CVSSv3 Overall Score: 7.2
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2020-7117
Severity: Medium
CVSSv3 Overall Score: 5.0
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and above

Discovery: These vulnerabilities were discovered and reported by Daniel Jensen (@dozernz), via Aruba's Bug Bounty program.

Resolution
==========
1. Upgrade ClearPass Policy Manager 6.9.x to version 6.9.1
2. Upgrade ClearPass Policy Manager 6.8.x to version 6.8.5-HF or 6.8.6
3. Upgrade ClearPass Policy Manager 6.7.x to version 6.7.13-HF

Workarounds
===========
None.

Revision History
================
Revision 1 / 2020-Jun-02 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at: //www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com.
For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: //www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2020 by Aruba, a Hewlett Packard Enterprise company.

This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.