RCE in Alienvault Unified_security_management

CVE-2015-3446

The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.015 (81.3th percentile) — read the EPSS interpretation.

Affected products

Alienvault Unified_security_management
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
74403 (vdb-entry, x_refsource_BID)