CVE-2017-6972

CRITICAL

AlienVault USM/OSSIM <5.3.7 & NfSen <1.3.8 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6972. PoCs published by Paul Taylor.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in the 'customfmt' parameter of NfSen/AlienVault, allowing remote authenticated attackers to execute arbitrary commands as root. The PoC demonstrates a reverse shell payload using netcat.

Description

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paul Taylor · textwebappslinux

https://www.exploit-db.com/exploits/42314

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in the 'customfmt' parameter of NfSen/AlienVault, allowing remote authenticated attackers to execute arbitrary commands as root. The PoC demonstrates a reverse shell payload using netcat.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NfSen 1.3.6p1, 1.3.7, 1.3.7-1~bpo80+1_all; AlienVault USM/OSSIM < 4.3.1

Auth required

Prerequisites: Authenticated access to the NfSen/AlienVault web interface · Netcat installed on the target for the reverse shell payload

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory x_refsource_confirm

https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97016

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42314/

Vendor Advisory x_refsource_confirm

https://www.alienvault.com/forums/discussion/8698

Scores

CVSS v3 9.8

EPSS 0.1460

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-273

Status published

Products (3)

alienvault/ossim < 5.3.6

alienvault/unified_security_management < 5.3.6

nfsen/nfsen < 1.3.7

Published Mar 22, 2017

Tracked Since Feb 18, 2026