CVE-2017-6972

Published: 22/03/2017 Updated: 03/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

AlienVault USM and OSSIM prior to 5.3.7 and NfSen prior to 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.

Vulnerable Product

alienvault ossim

alienvault unified security management

nfsen nfsen

Exploits

# Exploit Title: NfSen/AlienVault remote root exploit (command injection in customfmt parameter) # Version: NfSen 136p1, 137 and 137-1~bpo80+1_all Previous versions are also likely to be affected # Version: AlienVault USM/OSSIM < 431 # Date: 2017-07-10 # Vendor Homepage: nfsensourceforgenet/ # Vendor Homepage: wwwalien ...
NfSen version 137 and AlienVault OSSIM version 431 suffer from a customfmt command injection vulnerability ...