AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution

This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.

Leave a Reply