Vulnerability Details : CVE-2017-14956
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2017-14956
- cpe:2.3:a:alienvault:unified_security_management:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-14956
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-14956
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
6.8
|
2.9
|
NIST | |
5.7
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
2.1
|
3.6
|
NIST |
CWE ids for CVE-2017-14956
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-14956
-
http://seclists.org/fulldisclosure/2017/Oct/32
Full Disclosure: [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information DisclosureExploit;Mailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/101284
AlienVault USM CVE-2017-14956 Cross Site Request Forgery VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/541342/100/0/threaded
SecurityFocusThird Party Advisory;VDB Entry
-
https://www.rcesecurity.com/2017/10/cve-2017-14956-alienvault-usm-leaks-sensitive-compliance-information-via-csrf/
CVE-2017-14956: AlienVault USM Leaks Sensitive Compliance Information via CSRF - RCE SecurityExploit;Third Party Advisory
-
https://www.exploit-db.com/exploits/42988/
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request ForgeryExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/144617/AlienVault-USM-5.4.2-Cross-Site-Request-Forgery.html
AlienVault USM 5.4.2 Cross Site Request Forgery ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to