AlienVault USM CVE-2017-14956 Cross Site Request Forgery Vulnerability

AlienVault USM is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

AlienVault USM 5.4.2 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 101284
Class: Design Error
CVE: CVE-2017-14956

Remote: Yes
Local: No
Published: Oct 16 2017 12:00AM
Updated: Oct 16 2017 12:00AM
Credit: Julien Ahrens from RCE Security.
Vulnerable: AlienVault Unified Security Management (UCM) 5.4.2

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Alienvault Homepage (Alienvault)
  
• [RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_em (Seclists.org)
  
• CVE-2017-14956: AlienVault USM Leaks Sensitive Compliance Information via CSRF (rcesecurity)
  

Source: www.securityfocus.com