CVE-2009-4372 in Open Source Security Information Managementinfo

Summary

by MITRE

AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/28/2025

AlienVault OSSIM version 2.1.5 and earlier contains a critical command injection vulnerability that affects multiple web scripts within the sem/ directory. This vulnerability stems from insufficient input validation and sanitization of the uniqueid parameter, which is processed in five distinct PHP scripts including wcl.php and various storage_graphs.php files. The flaw enables remote attackers to execute arbitrary system commands through the deliberate insertion of shell metacharacters, fundamentally compromising the integrity and confidentiality of the affected system. The vulnerability represents a classic command injection flaw that aligns with CWE-77, which specifically addresses improper neutralization of special elements used in operating system commands.

The technical exploitation of this vulnerability occurs when an attacker crafts malicious input containing shell metacharacters such as semicolons, ampersands, or backticks in the uniqueid parameter. When these scripts process the unvalidated input without proper sanitization, the operating system interprets the injected commands as legitimate system instructions. This allows attackers to execute commands with the privileges of the web server process, potentially leading to complete system compromise. The attack surface is expanded due to the multiple affected scripts, providing attackers with several potential entry points and increasing the likelihood of successful exploitation.

The operational impact of this vulnerability is severe and multifaceted, as it provides attackers with unrestricted command execution capabilities on the affected OSSIM server. An attacker could potentially gain access to sensitive security data, modify system configurations, install backdoors, or even escalate privileges to root access depending on the underlying system permissions. The vulnerability affects organizations relying on OSSIM for security information management, potentially exposing their entire security infrastructure to unauthorized access. This flaw directly violates the principle of least privilege and represents a critical failure in input validation, creating a persistent threat vector that could remain undetected for extended periods.

Organizations should immediately implement mitigations including updating to version 2.1.5-4 or later, which contains the necessary patches to address this vulnerability. Network segmentation and firewall rules should be implemented to restrict access to the affected scripts, while input validation should be strengthened through proper sanitization of all user-supplied parameters. Security monitoring should be enhanced to detect unusual command execution patterns, and regular security assessments should be conducted to identify similar vulnerabilities in other components. This vulnerability also highlights the importance of following the principle of least privilege and implementing proper input validation as outlined in the OWASP Top 10 and MITRE ATT&CK framework, specifically addressing techniques related to command injection and privilege escalation.

Reservation

12/21/2009

Disclosure

12/21/2009

Moderation

accepted

Entry

VDB-51241

CPE

ready

Exploit

Download

EPSS

0.04819

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!