Exploit for Aruba ClearPass Policy Manager tipsSimulationUpload command execution CVE-2020-7115

Name: Exploit for Aruba ClearPass Policy Manager tipsSimulationUpload command execution CVE-2020-7115
Rating: 5 (185 reviews)

2020-08-13 | CVSS 10.0

## https://sploitus.com/exploit?id=SAINT:DF69532319D5633A7EE77A71E5C0B2FE
Added: 08/13/2020  
CVE: [CVE-2020-7115](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7115>)  


### Background

[Aruba ClearPass](<https://www.arubanetworks.com/products/security/network-access-control/>) is a network access control solution. 

### Problem

A vulnerability in the `**tipsSimulationUpload.action**` resource allows remote attackers to execute arbitrary commands by uploading a shared object library in the `**uploadClientCertFile**` parameter. 

### Resolution

Upgrade ClearPass Policy Manager to version 6.7.13-HF, 6.8.5-HF, 6.8.6, or 6.9.1 or higher. 

### References

<https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-005.txt>  


### Platforms

Linux