CVE-2023-25595 MEDIUM

CVE-2023-25595: Sensitive Information Disclosure in ClearPass OnGuard Ubuntu Agent

Vendor Hewlett Packard Enterprise (Hpe)
Product Aruba ClearPass Policy Manager
Published March 14, 2023
Last update February 27, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.

Key dates

02Disclosure timeline

March 14, 2023 CVE published
February 27, 2025 Record updated