CVE-2024-51771

7.2 HIGH

📋 TL;DR

This vulnerability allows authenticated remote attackers to execute arbitrary commands on HPE Aruba ClearPass Policy Manager systems through the web management interface. Organizations using affected ClearPass versions are at risk of complete system compromise.

💻 Affected Systems

Products:
  • HPE Aruba Networking ClearPass Policy Manager
Versions: All versions prior to 6.12.9, 6.13.5, and 6.14.0
Operating Systems: ClearPass OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web management interface

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise leading to data exfiltration, lateral movement, and persistent backdoor installation across the network.

🟠 Likely Case

Attackers gain administrative control over ClearPass, allowing them to modify policies, steal credentials, and pivot to other network resources.

🟢 If Mitigated

Limited impact due to network segmentation, strong authentication controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access, but this could be combined with credential theft or social engineering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.12.9, 6.13.5, or 6.14.0

Vendor Advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US

Restart Required: No

Instructions:

1. Back up the ClearPass configuration.
2. Download the appropriate patch version from the HPE support portal.
3. Apply the patch via the ClearPass web interface or CLI.
4. Verify that the update succeeded.

🔧 Temporary Workarounds

Restrict Management Interface Access

Platforms: all

Limit access to ClearPass web management interface to trusted IP addresses only

Configure firewall rules to restrict access to ClearPass management ports (TCP 443, 22)

Enforce Strong Authentication

Platforms: all

Require multi-factor authentication for all administrative accounts

Enable MFA in ClearPass Policy Manager settings

🧯 If You Can't Patch

  • Implement network segmentation to isolate ClearPass from critical systems
  • Enable detailed logging and monitoring for suspicious authentication attempts and command execution

🔍 How to Verify

Check if Vulnerable:

Check ClearPass version via web interface (Admin > Support > About) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify version is 6.12.9, 6.13.5, or 6.14.0 or later
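
A branch-aware check against the fixed releases listed above, as an added example that is not from HPE or the original page. It assumes each fix applies within its own release branch (6.12.x, 6.13.x) and that branches older than 6.12 have no fixed release; the hostnames and version strings in the sample inventory are constructed.

```python
import re

# Fixed releases from the advisory text: 6.12.9, 6.13.5, 6.14.0.
# Assumption: each fix applies within its own branch (6.12.x, 6.13.x).
FIXED_PATCH = {(6, 12): 9, (6, 13): 5}
FIRST_FIXED_BRANCH = (6, 14)  # 6.14.0 and anything later


def parse_version(text):
    """Return (major, minor, patch) from the first dotted version in text."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text):
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch >= FIRST_FIXED_BRANCH:
        return False
    if branch in FIXED_PATCH:
        # Compare inside the branch only: 6.13.4 is newer than 6.12.9
        # numerically but still lacks the 6.13.5 fix.
        return patch < FIXED_PATCH[branch]
    # Assumption: branches older than 6.12 have no fixed release listed.
    return True


def triage(inventory):
    """Map host -> 'VULNERABLE' | 'FIXED' | 'UNKNOWN' (unparseable)."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "VULNERABLE" if is_vulnerable(version_text) else "FIXED"
        except ValueError:
            result[host] = "UNKNOWN"
    return result


# Constructed inventory: hostnames and version strings are sample data.
SAMPLE = {
    "cppm-pub.example.internal": "6.12.9",
    "cppm-sub1.example.internal": "6.13.4",
    "cppm-lab.example.internal": "6.11.10.123456",
    "cppm-new.example.internal": "version not collected",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{status:10} {host}")
```

Hosts reported as UNKNOWN need a manual version check rather than being counted as fixed.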

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Unexpected command execution in system logs
  • Multiple failed login attempts followed by successful login

Network Indicators:

  • Unusual outbound connections from ClearPass system
  • Traffic to unexpected ports or IP addresses

SIEM Query:

source="clearpass" AND ((event_type="authentication" AND result="success" AND user="admin") OR (process_execution AND parent_process="web_server"))
