This topic describes the recalculation of CVSS (Common Vulnerability Scoring System) against CVE-2016-6662 in AlienVault USM Appliance.
Remote Root Code Execution / Privilege Escalation:
Authenticated access to MySQL database (Over network connection, web interfaces) and SQL Injections can provide means for exploiting this vulnerability. This is open to attackers potentially executing code with root privileges for the affected version of MySQL.
Current base CVSS of 8.8 on the USM Appliance is recalculated based on the below IPtables configuration in the USM Appliance product, access to the console as root user is the only possible vector attack, CVSS for USM Appliance applicable is reported as CVSS 6.3 for this reason.
Please note regarding CVSS scoring that the USM Appliance IPtables do not allow access as reported in the CVE.
- The AlienVault USM Appliance appliances IPtables configuration blocks access to the database, limiting ability for executing code with root privileges.
- On USM Appliance Enterprise Server-DB (two different physical devices), the IPtables configuration only allows connection from the USM Appliance Server appliance itself.
For any concerns or questions feel free to contact AlienVault technical support.