CVE-2017-6971 PoC — AlienVault USM、OSSIM和NfSen 安全漏洞

Source

https://github.com/patrickfreed/nfsen-exploit

Associated Vulnerability

Title:AlienVault USM、OSSIM和NfSen 安全漏洞 (CVE-2017-6971)
Description:AlienVault USM和OSSIM都是美国AlienVault公司的产品。USM是一套提供了安全监控、安全事件管理和报告、威胁感知系统等功能的安全管理平台。OSSIM是一套开源的安全信息管理系统。NfSen是一个nfdump（一款开源的netflow收集、存储、过滤、统计分析工具）的基于Web的前端。 AlienVault USM和OSSIM 5.3.4及之前的版本和NfSen 1.3.8之前的版本中存在安全漏洞。远程攻击者可利用该漏洞执行任意命令。

Description

Exploit for CVE-2017-6971 remote command execution in nfsen 1.3.7.

Readme

# nfsen-exploit
Exploit for CVE-2017-6971 remote command execution in nfsen 1.3.7.

Tested on Ubuntu, probably works on everything

Vulnerability discovered by Paul Taylor/Foregenix Ltd

**Usage:** `python exploit.py <local ip> <local port> <target ip> <path>`
This generates a root-level shell on the remote machine.

File Snapshot


 [4.0K]  /data/pocs/d176b73600225fe014f10fb82512b983c68020d8
├── [2.6K]  exploit.py
└── [ 318]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!