Alienvault OSSIM/USM Command Execution Vulnerability

Posted by Peter Lapp on Jan 15

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: Command Execution
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: <=4.14.X
Fixed Version: 4.15.0

Summary
=======

Alienvault OSSIM is an open source SIEM solution designed to collect
and correlate log data. The automatic deployment option for OSSEC
agents is vulnerable to command execution as root. Authentication to
the web UI is required to exploit…

Leave a Reply