https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt
の
Authentication Bypass Leading to Remote Code Execution in
ClearPass Policy Manager Web-Based Management Interface
(CVE-2022-23657, CVE-2022-23658, CVE-2022-23660)
の記載で
Vulnerabilities in the web-based management interface of
ClearPass Policy Manager could allow an unauthenticated
remote attacker to run arbitrary commands on the underlying
host. Successful exploitation of these vulnerabilities
allow an attacker to execute arbitrary commands as root on
the underlying operating system leading to complete system
compromise.
とありますが、
"on the underlying host"
"on the underlying operating system"
は ClearPassの認証ユーザ端末 という理解でよろしいのでしょうか。
------------------------------
Tamami Kawakami
------------------------------