| CVE ID | |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
AlienVault |
| AFFECTED PRODUCTS |
Unified Security Management |
| VULNERABILITY DETAILS |
The specific flaw exists within the logcheck function in session.inc. By providing a specific value as a user-agent, an attacker can bypass authentication to a number of pages. In addition to viewing information, it's possible to modify the application and achieve arbitrary code execution as root. |
| ADDITIONAL DETAILS |
AlienVault has issued an update to correct this vulnerability. More details can be found at:
https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix |
| DISCLOSURE TIMELINE |
|
| CREDIT | Peter Lapp (lappsec) |
