The HPE Aruba Networking Product Security Advisory ARUBA-PSA-2024-001 alerts users to critical vulnerabilities in ClearPass Policy Manager. These vulnerabilities, each identified by a CVE number, encompass command injection, cross-site scripting, and information disclosure. Affecting different versions of the software, they could lead to remote code execution, arbitrary command execution, or unauthorized data access. The severity is classified as critical, and immediate action is urged to mitigate potential risks.
To address these vulnerabilities, HPE Aruba advises users to upgrade ClearPass Policy Manager to the patched versions specified in the advisory. The advisory also provides detailed information on each vulnerability, including its severity, discovery, and recommended workarounds. It emphasizes restricting web-based management interfaces to dedicated network segments and implementing firewall policies for enhanced security. The advisory underscores the importance of staying informed about security updates and adhering to best practices for network hardening to safeguard against potential exploits.