CVE-2017-6971
First published: Wed Mar 22 2017(Updated: )
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AlienVault OSSIM | <=5.3.6 | |
| AlienVault Unified Security Management | <=5.3.6 | |
| Nfsen Nfsen | <=1.3.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6971?
The severity of CVE-2017-6971 is rated as critical with a score of 8.8.
How do I fix CVE-2017-6971?
To fix CVE-2017-6971, upgrade to AlienVault USM and OSSIM version 5.3.7 or later, and NfSen version 1.3.8 or later.
What types of attacks are possible with CVE-2017-6971?
CVE-2017-6971 allows remote authenticated users to execute arbitrary commands and launch a reverse shell.
Which versions of software are affected by CVE-2017-6971?
CVE-2017-6971 affects AlienVault USM and OSSIM versions prior to 5.3.7, and NfSen versions prior to 1.3.8.
What security risks does CVE-2017-6971 pose?
CVE-2017-6971 poses significant security risks due to the potential for unauthorized command execution in a privileged context.
- collector/nvd-index
- vendor/alienvault
- product/ossim
- canonical/alienvault ossim
- product/unified security management
- canonical/alienvault unified security management
- vendor/nfsen
- product/nfsen
- canonical/nfsen nfsen