1. What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2022-23696, involves SQL injection flaws within the web-based management interface of Aruba ClearPass Policy Manager. It matters significantly because an authenticated remote attacker can exploit these flaws to execute SQL injection attacks. Such an attack could lead to the unauthorized retrieval and modification of sensitive information stored in the underlying database, potentially resulting in a complete compromise of the entire ClearPass Policy Manager cluster.
2. What are the CVSS score, severity level, and disclosure details?
- CVSS Score: 8.8
- Severity Level: High
- Disclosure Details: The vulnerability was published on 2022-09-20 20:03:22 UTC and last modified on 2025-05-28 15:51:42 UTC.
3. Which products, vendors, systems, and versions are affected?
- Vendor: Aruba
- Product: ClearPass Policy Manager
- Affected Systems: ClearPass Policy Manager cluster
- Affected Versions:
  - 6.10.x: versions 6.10.6 and below
  - 6.9.x: versions 6.9.11 and below
4. What is the technical root cause and attack vector?
The technical root cause is SQL injection (CWE-89): the web-based management interface of ClearPass Policy Manager builds database queries from user-controlled input without adequate sanitization or parameterization. The attack vector is remote and requires authentication: an attacker with valid credentials for the management interface can reach the affected code paths over the network.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by an authenticated remote attacker who can conduct SQL injection attacks through the ClearPass Policy Manager's web-based management interface. Successful exploitation allows the attacker to obtain and modify sensitive data within the underlying database, potentially leading to a full compromise of the ClearPass Policy Manager cluster.
6. What mitigation steps and patches are available?
Aruba has released upgrades for Aruba ClearPass Policy Manager that specifically address these security vulnerabilities. Users should upgrade their ClearPass Policy Manager instances to versions higher than the affected ones (i.e., above 6.10.6 for the 6.10.x branch and above 6.9.11 for the 6.9.x branch) to mitigate the risk.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by checking the installed version of Aruba ClearPass Policy Manager. Any installations running version 6.10.6 or below within the 6.10.x series, or version 6.9.11 or below within the 6.9.x series, are considered vulnerable. Administrators should verify their current software versions against these thresholds.
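The version check described above, written out as a small triage script. This is an added example, not tooling from Aruba or from the advisory: it encodes only the two thresholds the page gives (6.10.6 for the 6.10.x branch, 6.9.11 for the 6.9.x branch), and the hostnames and version strings in the sample inventory are constructed. How you collect version strings from your own ClearPass nodes (console, CMDB export, management API) is left to you; the script only does the comparison.

```python
import re

# Affected ranges as stated in the advisory: "6.10.6 and below" on 6.10.x,
# "6.9.11 and below" on 6.9.x. Keyed by (major, minor) branch.
AFFECTED_BRANCHES = {
    (6, 10): (6, 10, 6),
    (6, 9): (6, 9, 11),
}


def parse_version(version):
    """Parse a dotted version string such as '6.10.6' into a tuple of ints.

    Extra trailing components (e.g. a build number in '6.10.6.175220') are
    kept, so comparisons stay numeric rather than lexical ('6.9' vs '6.10').
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+)+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(version):
    """Classify one installed version against the advisory's thresholds.

    Returns 'vulnerable', 'fixed', or a note that the branch is not one the
    advisory names (e.g. 6.11.x), so the script makes no claim about it.
    The whole 6.10.6 / 6.9.11 release is treated as affected, matching the
    advisory wording; the build-number component is ignored for the verdict.
    """
    parts = parse_version(version)
    threshold = AFFECTED_BRANCHES.get(parts[:2])
    if threshold is None:
        return "branch not covered by this advisory"
    # A two-component string like '6.10' compares as (6, 10) < (6, 10, 6),
    # i.e. it is treated as 6.10.0 and reported vulnerable.
    return "vulnerable" if parts[:3] <= threshold else "fixed"


def triage(inventory):
    """Map a list of (host, version) pairs to (host, version, status) triples."""
    return [(host, ver, assess(ver)) for host, ver in inventory]


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("cppm-01.example.internal", "6.10.6"),
    ("cppm-02.example.internal", "6.10.7"),
    ("cppm-03.example.internal", "6.9.11"),
    ("cppm-04.example.internal", "6.9.12.104530"),
    ("cppm-05.example.internal", "6.11.0"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:28} {ver:16} {status}")
```

Running the script prints one line per node; the `vulnerable` rows are the ones that need the upgrade described in the mitigation section. Unknown branches are reported as such rather than as safe, so a node on a branch the advisory does not mention is still flagged for manual review.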
10. What public intelligence references and advisories exist?
The primary public intelligence reference is the Common Vulnerabilities and Exposures (CVE) entry: CVE-2022-23696. Additionally, Aruba has released a security advisory for this vulnerability, which includes information about the available upgrades.
11. What is the risk assessment and urgency level?
Risk Assessment: The risk associated with CVE-2022-23696 is assessed as High, reflecting its CVSS score of 8.8. The potential for an authenticated remote attacker to achieve complete compromise of the ClearPass Policy Manager cluster through SQL injection makes this a serious vulnerability. It could lead to significant data breaches, unauthorized modifications, and loss of control over the system.
Urgency Level: The urgency level for addressing this vulnerability is High. Given the high CVSS score, the ease of exploitation by an authenticated attacker, and the potential for complete system compromise, immediate patching and mitigation are strongly recommended to protect sensitive network access and policy management infrastructure.