CVE-2017-6972

Published: Mar 22, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.

Affected (3)

Products: Alienvault: Ossim, Unified Security Management · Nfsen: Nfsen

Alienvault

2 products

Ossim

Unified Security Management

Nfsen

1 product

Nfsen

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Alienvault Ossim	Up to 5.3.6
Alienvault Unified Security Management	Up to 5.3.6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Nfsen Nfsen	Up to 1.3.7

Related CWEs

CWE-273

Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References (8)

http://www.securityfocus.com/bid/97016

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/

Source: cve@mitre.org

Third Party Advisory

https://www.alienvault.com/forums/discussion/8698

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/42314/

Source: cve@mitre.org

http://www.securityfocus.com/bid/97016

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.alienvault.com/forums/discussion/8698

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/42314/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.