cvelist/2023/43xxx/CVE-2023-43509.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-43509",
        "ASSIGNER": "security-alert@hpe.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability in the web-based management interface of\u00a0ClearPass Policy Manager could allow an unauthenticated\u00a0remote attacker to send notifications to computers that are\u00a0running ClearPass OnGuard. These notifications can then be\u00a0used to phish users or trick them into downloading malicious\u00a0software."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Hewlett Packard Enterprise (HPE)",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Aruba ClearPass Policy Manager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",
                                            "version_value": "<=6.11.4"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt",
                "refsource": "MISC",
                "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "credits": [
        {
            "lang": "en",
            "value": "Luke Young (bugcrowd.com/bored-engineer)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2023-09-19 15:00:33 +00:00			`{`
"-Synchronized-Data." 2023-10-25 17:35:59 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-09-19 15:00:33 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-43509",`
"-Synchronized-Data." 2023-10-25 17:35:59 +00:00			`"ASSIGNER": "security-alert@hpe.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-09-19 15:00:33 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-10-25 17:35:59 +00:00			`"value": "A vulnerability in the web-based management interface of\u00a0ClearPass Policy Manager could allow an unauthenticated\u00a0remote attacker to send notifications to computers that are\u00a0running ClearPass OnGuard. These notifications can then be\u00a0used to phish users or trick them into downloading malicious\u00a0software."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Hewlett Packard Enterprise (HPE)",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Aruba ClearPass Policy Manager",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "ClearPass Policy Manager 6.11.x: 6.11.4 and below",`
			`"version_value": "<=6.11.4"`
			`},`
			`{`
			`"version_affected": "=",`
			`"version_value": "ClearPass Policy Manager 6.10.x: 6.10.8 with ClearPass 6.10.8 Cumulative Hotfix Patch 5 and below"`
			`},`
			`{`
			`"version_affected": "=",`
			`"version_value": "ClearPass Policy Manager 6.9.x: 6.9.13 with ClearPass 6.9.13 Cumulative Hotfix Patch 3 and below"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt",`
			`"refsource": "MISC",`
			`"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Luke Young (bugcrowd.com/bored-engineer)"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.8,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "NONE",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",`
			`"version": "3.1"`
"-Synchronized-Data." 2023-09-19 15:00:33 +00:00			`}`
			`]`
			`}`
			`}`