The AlienVault product team has released a hotfix (v5.5.1) to address a vulnerability discovered in USM Appliance and AlienVault OSSIM. Recently, a security researcher (Henry Huang) at CyCarrier CSIRT identified a remote code execution vulnerability in the USM Appliance web interface. After thorough analysis, it was determined that the severity of the vulnerability warranted a hotfix update.
If your USM Appliance is exposed to the internet, it is critical to patch immediately.
This vulnerability has been assigned CVE-2018-7279. CyCarrier has agreed to let AlienVault evaluate and patch this vulnerability before making the information publicly available. Our internal security researchers have assessed the vulnerability at a CVSS Overall score of 8.4.
What We Have Done
We have identified and resolved the issue. An update is now available on the AlienVault update server. Applying the update will patch your system(s) and eliminate the vulnerability.
What You Should Do
All AlienVault OSSIM and USM Appliance customers should upgrade. All previous versions of AlienVault OSSIM and USM Appliance are vulnerable.