CVE-2017-6970

moderate-risk

Published 2017-03-22

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.

Do I need to act?

0.53% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

42305

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (3)

Ossim

Unified Security Management

Nfsen

Affected Vendors

Nfsen Alienvault

References (8)

https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/

https://www.alienvault.com/forums/discussion/8325/

https://www.alienvault.com/forums/discussion/8698

https://www.exploit-db.com/exploits/42305/

https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/

https://www.alienvault.com/forums/discussion/8325/

https://www.alienvault.com/forums/discussion/8698

https://www.exploit-db.com/exploits/42305/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 9/34 · Low

Exposure 9/34 · Low