Lucene search

[email protected]CVE-2015-3446

HistoryMay 01, 2015 - 3:59 p.m.

CVE-2015-3446

2015-05-0115:59:08

CWE-94

[email protected]

web.nvd.nist.gov

alienvault

usm

remote code execution

cve-2015-3446

nvd

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.531 Medium

EPSS

Percentile

97.6%

JSON

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).

Affected configurations

NVD

Node

alienvaultunified_security_managementRange≤4.14

CPENameOperatorVersion
alienvault:unified_security_managementalienvault unified security managementle4.14

CPE	Name	Operator	Version
alienvault:unified_security_management	alienvault unified security management	le	4.14

References

www.securityfocus.com/bid/74403

www.zerodayinitiative.com/advisories/ZDI-15-161/

www.alienvault.com/forums/discussion/4415/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.531 Medium

EPSS

Percentile

97.6%

JSON

Related for CVE-2015-3446

zdi1 prion1 cvelist1 nvd1