Published: 22/03/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.4 | Impact Score: 5.9 | Exploitability Score: 2.5

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Unified Security Management

AlienVault USM and OSSIM prior to 5.3.7 and NfSen prior to 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alienvault unified security management
alienvault ossim
nfsen nfsen

# Exploit Title: Local root exploit affecting NfSen <= 137, AlienVault USM/OSSIM <= 536 # Version: NfSen 137 # Version: AlienVault 536 # Date: 2017-07-10 # Vendor Homepage: nfsensourceforgenet/ # Vendor Homepage: wwwalienvaultcom/ # Software Link: sourceforgenet/projects/nfsen/files/stable/nfsen-137/nfsen- ...

NfSen versions 137 and below and AlienVault USM/OSSIM versions 536 and below suffer from a local privilege escalation vulnerability ...

CWE-78 https://www.alienvault.com/forums/discussion/8325/https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/https://www.alienvault.com/forums/discussion/8698 https://www.exploit-db.com/exploits/42305/https://nvd.nist.gov https://www.exploit-db.com/exploits/42305/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-6970

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect