CVE-2022-43537 HIGH

CVE-2022-43537

Vendor Hewlett Packard Enterprise (Hpe)

Product Aruba ClearPass Policy Manager

Published January 3, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.

Key dates

02Disclosure timeline

January 3, 2023 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43537

Identifiers

CVE CVE-2022-43537

CVSS 7.2 / HIGH

Affected versions

Vendor Hewlett Packard Enterprise (Hpe)

Product Aruba ClearPass Policy Manager

Affected ClearPass Policy Manager 6.10.x: 6.10.7 and below, ClearPass Policy Manager 6.9.x: 6.9.12 and below