CVE-2017-14956
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks.
Affected products
n/a

Public PoCs found: 3
packetstormsecurity.com/files/144617/AlienVault-USM-5.4.2-Cross-Site-Request-Forgery.html (CVE reference, unverified)
www.exploit-db.com/exploits/42988/ (CVE reference, unverified)
www.exploit-db.com/exploits/42988 (Exploit-DB, unverified)
References
http://packetstormsecurity.com/files/144617/AlienVault-USM-5.4.2-Cross-Site-Request-Forgery.html
http://seclists.org/fulldisclosure/2017/Oct/32
https://www.exploit-db.com/exploits/42988/
https://www.rcesecurity.com/2017/10/cve-2017-14956-alienvault-usm-leaks-sensitive-compliance-information-via-csrf/
http://www.securityfocus.com/archive/1/541342/100/0/threaded
http://www.securityfocus.com/bid/101284