Last week, Peter Lapp reported a vulnerability to us via the Zero Day Initiative (ZDI). It is an authentication bypass issue that could lead to code execution, and it affects all versions of USM and OSSIM up to and including v5.3.
We have confirmed and resolved this issue. An update is now available on the AlienVault update server. Updating to v5.3.1 will prevent the vulnerability from being exploited in AlienVault USM and OSSIM.
What You Should Do
Update all appliances to v5.3.1 as soon as possible.
If you have applied an AlienVault-provided hotfix since the 5.3 release, or you are not able to update right away, please contact AlienVault Support. They can help you apply a hotfix directly on your appliance(s) until you are able to upgrade.
How to Get Help
If you have any questions or experience any issues resulting from this update, please reach out to our Support Team ([email protected]).
Please note that all issues that were previously scheduled to be fixed in 5.3.1 have been pushed back to 5.3.2. We are aiming to make that release available in a couple of weeks. Stand by for updates...