First published: Wed Aug 30 2023(Updated: )
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.
Credit: prodsec@splunk.com prodsec@splunk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Splunk IT Service Intelligence | >=4.13.0<4.13.3 | |
Splunk IT Service Intelligence | >=4.15.0<4.15.3 | |
>=4.13.0<4.13.3 | ||
>=4.15.0<4.15.3 | ||
=4.17.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this Splunk IT Service Intelligence vulnerability is CVE-2023-4571.
The severity level of vulnerability CVE-2023-4571 is high (8.6).
A malicious actor can inject ANSI escape codes into Splunk ITSI log files, which can run malicious code in vulnerable terminal applications.
Versions below 4.13.3, 4.15.3, or 4.17.1 of Splunk IT Service Intelligence are affected by vulnerability CVE-2023-4571.
You can find more information about vulnerability CVE-2023-4571 at this URL: https://advisory.splunk.com/advisories/SVD-2023-0810.