Advertisment

Aruba Networks Mitigates Apache Struts 2 Flaw in ClearPass, Upgrades Amid Security Concerns

Aruba Networks addresses a critical Apache Struts 2 flaw, CVE-2023-50164, in its ClearPass Policy Manager, as part of a broader security initiative.

author-image
Salman Akhtar
Updated On
New Update
Aruba Networks Mitigates Apache Struts 2 Flaw in ClearPass, Upgrades Amid Security Concerns

Aruba Networks Mitigates Apache Struts 2 Flaw in ClearPass, Upgrades Amid Security Concerns

Aruba Networks has proactively addressed a critical vulnerability within its ClearPass Policy Manager product, originally linked to the widely-reported Apache Struts 2 flaw, CVE-2023-50164. The company's recent advisory highlights the upgrade of Apache Struts as a precautionary measure, despite the lack of confirmed impact on their product. This development comes as part of a broader initiative to fortify security, covering a total of 10 CVEs, with five posing high severity risks.

Advertisment

Unpacking the Vulnerability

Discovered in December, CVE-2023-50164 has been a significant concern within the cybersecurity community, allowing attackers to manipulate file uploads for remote code execution. The rapid publication of proof-of-concept code following the disclosure underscores the critical nature of the vulnerability. Aruba Networks' swift response, upgrading the Apache Struts version used in ClearPass Policy Manager, mirrors industry practices aiming to mitigate such risks promptly. Notably, other major vendors like Cisco and Dell have also issued patches to address this vulnerability.

Scope and Impact

Advertisment

The vulnerabilities addressed in the recent patch include CVE-2024-26294 through CVE-2024-26298, all of which concern the ClearPass Policy Manager's web-based management interface. These vulnerabilities enable remote, authenticated users to execute arbitrary commands as root, presenting a significant security risk. Additionally, four medium-rated vulnerabilities, CVE-2024-26299 through CVE-2024-26302, have been patched. The affected software branches span ClearPass Policy Manager 6.12.x, 6.11.x, 6.10.x, and 6.9.x, indicating a wide-reaching impact across various deployments.

Industry Response and Recommendations

The cybersecurity community's proactive stance on vulnerabilities like CVE-2023-50164 is critical to maintaining the security integrity of networks and systems. Aruba Networks' advisory and subsequent patch roll-up serve as a benchmark for industry response to such threats. Users of the affected ClearPass Policy Manager versions are urged to apply the provided patches immediately to safeguard against potential exploits. This incident highlights the ongoing challenges and the importance of vigilance and swift action in the face of cybersecurity threats.

In reflecting on this event, it is evident that the landscape of cybersecurity is ever-evolving, with vulnerabilities posing constant challenges. The collaborative effort between vendors, cybersecurity professionals, and users in identifying, disclosing, and mitigating such vulnerabilities is paramount to maintaining the digital ecosystem's integrity. As threats become more sophisticated, so too must the responses, underscoring the importance of ongoing vigilance and proactive security measures.

Advertisment
Advertisment