CVE-2024-51772: Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)

6.4 CVSS

Description

An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

Classification

CVE ID: CVE-2024-51772

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.4

Affected Products

Vendor: Hewlett Packard Enterprise (HPE)

Product: HPE Aruba Networking ClearPass Policy Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US

Timeline