CVE-2017-6971

HIGH

AlienVault USM/OSSIM <5.3.7/NfSen <1.3.8 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-6971. PoCs published by Paul Taylor, patrickfreed, KeyStrOke95.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in NfSen/AlienVault via crafted IPC queries, allowing remote authenticated attackers to execute arbitrary commands as root. The PoC demonstrates a reverse shell payload using Netcat.

Description

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Paul Taylor · textwebappslinux
https://www.exploit-db.com/exploits/42306

This exploit leverages a command injection vulnerability in NfSen/AlienVault via crafted IPC queries, allowing remote authenticated attackers to execute arbitrary commands as root. The PoC demonstrates a reverse shell payload using Netcat.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: NfSen 1.3.6p1, 1.3.7, 1.3.7-1~bpo80+1_all, AlienVault 5.3.4
Auth required
Prerequisites: Authenticated session with a valid PHPSESSID · Netcat available on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by patrickfreed · poc
https://github.com/patrickfreed/nfsen-exploit

This exploit leverages a command injection vulnerability in nfsen 1.3.7 (CVE-2017-6971) to achieve remote code execution. It sends a crafted payload via the 'customfmt' parameter in a POST request, resulting in a reverse shell with root privileges.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: nfsen 1.3.7
No auth needed
Prerequisites: Network access to the target · nfsen 1.3.7 running on the target · Python environment to run the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by KeyStrOke95 · poc
https://github.com/KeyStrOke95/nfsen_1.3.7_CVE-2017-6971

This exploit targets a command injection vulnerability in nfsen 1.3.7 (CVE-2017-6971) by injecting a payload into the 'customfmt' parameter. It attempts to escalate privileges by modifying the ownership and permissions of /tmp/bash to gain root access.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: nfsen 1.3.7
No auth needed
Prerequisites: Access to the vulnerable nfsen web interface · Ability to send HTTP requests to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
https://www.alienvault.com/forums/discussion/8325/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42306/
Vendor Advisory x_refsource_confirm
https://www.alienvault.com/forums/discussion/8698

Scores

CVSS v3 8.8
EPSS 0.1618
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (3)
alienvault/ossim < 5.3.6
alienvault/unified_security_management < 5.3.6
nfsen/nfsen < 1.3.7
Published Mar 22, 2017
Tracked Since Feb 18, 2026