8.6
CWE
74 117 116
Advisory Published
Updated

CVE-2023-4571: Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)

First published: Wed Aug 30 2023(Updated: )

In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.

Credit: prodsec@splunk.com prodsec@splunk.com

Affected SoftwareAffected VersionHow to fix
Splunk IT Service Intelligence>=4.13.0<4.13.3
Splunk IT Service Intelligence>=4.15.0<4.15.3
>=4.13.0<4.13.3
>=4.15.0<4.15.3
=4.17.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID of this Splunk IT Service Intelligence vulnerability?

    The vulnerability ID of this Splunk IT Service Intelligence vulnerability is CVE-2023-4571.

  • What is the severity level of vulnerability CVE-2023-4571?

    The severity level of vulnerability CVE-2023-4571 is high (8.6).

  • What can a malicious actor do with vulnerability CVE-2023-4571?

    A malicious actor can inject ANSI escape codes into Splunk ITSI log files, which can run malicious code in vulnerable terminal applications.

  • Which versions of Splunk IT Service Intelligence are affected by vulnerability CVE-2023-4571?

    Versions below 4.13.3, 4.15.3, or 4.17.1 of Splunk IT Service Intelligence are affected by vulnerability CVE-2023-4571.

  • Where can I find more information about vulnerability CVE-2023-4571?

    You can find more information about vulnerability CVE-2023-4571 at this URL: https://advisory.splunk.com/advisories/SVD-2023-0810.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203