CVE-2020-7120

A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account.

• CVE ID
• CVE-2020-7120

• Assigner
• security-alert@hpe.com

• Vulnerability Status
• Analyzed

• Published Version
• 2021-02-23T19:15:13

• Last Modified Date
• 2021-02-26T20:31:56

• Version
• 2.0

• Vector String
• AV:L/AC:L/Au:N/C:P/I:P/A:P

• Access Vector
• LOCAL

• Access Compatibility
• LOW

• Authentication
• NONE

• Confidentiality Impact
• PARTIAL

• Integrity Impact
• PARTIAL

• Availability Impact
• PARTIAL

• Base Score
• 4.6

• Severity
• MEDIUM

• Exploitability Score
• 3.9

• Impact Score
• 6.4

• Version
• 3.1

• Vector String
• CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

• Attack Vector
• LOCAL

• Attack Compatibility
• LOW

• Privileges Required
• LOW

• User Interaction
• NONE

• Scope
• UNCHANGED

• Confidentiality Impact
• LOW

• Availability Impact
• LOW

• Base Score
• 5.3

• Base Severity
• MEDIUM

• Exploitability Score
• 1.8

• Impact Score
• 3.4