ID CVE-2017-6972
Summary AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
References
Vulnerable Configurations
  • cpe:2.3:a:alienvault:ossim:*:*:*:*:*:*:*:*
    cpe:2.3:a:alienvault:ossim:*:*:*:*:*:*:*:*
  • cpe:2.3:a:alienvault:unified_security_management:4.14:*:*:*:*:*:*:*
    cpe:2.3:a:alienvault:unified_security_management:4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:nfsen:nfsen:-:*:*:*:*:*:*:*
    cpe:2.3:a:nfsen:nfsen:-:*:*:*:*:*:*:*
  • cpe:2.3:a:nfsen:nfsen:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:nfsen:nfsen:1.2.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-273
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 97016
confirm
exploit-db 42314
vulnerable_product via4
  • cpe:2.3:a:alienvault:ossim:*:*:*:*:*:*:*:*
  • cpe:2.3:a:alienvault:unified_security_management:4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:nfsen:nfsen:-:*:*:*:*:*:*:*
  • cpe:2.3:a:nfsen:nfsen:1.2.3:*:*:*:*:*:*:*
Last major update 03-10-2019 - 00:03
Published 22-03-2017 - 20:59
Back to Top