VIR Vulnerability Intelligence Relay

CVE-2015-4650

critical
Published 2017-10-16 · Modified 2026-05-13
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
10.0
VIR risk
9.8

Description

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt

Application impact
VendorProductVersionsFixed
arubanetworksclearpass_policy_manager{"endIncluding":"6.4.6"}
arubanetworksclearpass_policy_manager6.5.0
arubanetworksclearpass_policy_manager6.5.1

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.