AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Exploit

This update introduces an exploit for AlienVault Unified Security Management. A vulnerability exists in the av-forward daemon running in AlienVault Unified Security Management appliances. The daemon accepts serialized Python and proceeds to deserialize it without proper validation, allowing unauthenticated arbitrary code execution.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-74938
Product Version: 
2015_R1
Released Date: 
Monday, December 14, 2015 - 00:00