Vulnerability Description
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alienvault | Ossim | <= 5.3.6 |
| Alienvault | Unified Security Management | <= 5.3.6 |
| Nfsen | Nfsen | <= 1.3.7 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97016 (Third Party Advisory, VDB Entry)
- https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/ (Third Party Advisory)
- https://www.alienvault.com/forums/discussion/8698 (Vendor Advisory)
- https://www.exploit-db.com/exploits/42314/
FAQ
What is CVE-2017-6972?
CVE-2017-6972 is a vulnerability with a CVSS score of 9.8 (CRITICAL). AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulner...
How severe is CVE-2017-6972?
CVE-2017-6972 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-6972?
Check the references section above for vendor advisories and patch information. Affected products include: Alienvault Ossim, Alienvault Unified Security Management, Nfsen Nfsen.