An exploit that allows an attacker to remotely execute commands on an Aurba 501 device. By manipulating the 'ping_ip' parameter in a POST request, an attacker can inject arbitrary commands, leading to unauthorized access.
The analysis discovered a stored cross site scripting vulnerability (OWASP OTG-INPVAL-002) in the ClearPass Policy Manager. A malicious unauthenticated user is able to inject arbitrary script through the login form that may be rendered and triggered later if a privileged authenticated user reviews the access audit record. An attack can use the aforementioned vulnerability to effectively steal session cookies of privileged logged on users.