fkie_cve-2023-4571
Vulnerability from fkie_nvd
Published
2023-08-30 17:15
Modified
2024-12-10 18:15
Severity ?
8.6 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.6 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.
References
prodsec@splunk.comhttps://advisory.splunk.com/advisories/SVD-2023-0810Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://advisory.splunk.com/advisories/SVD-2023-0810Vendor Advisory
Impacted products
Vendor Product Version
splunk it_service_intelligence *
splunk it_service_intelligence *
splunk it_service_intelligence 4.17.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:it_service_intelligence:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E557D1C-D83F-4E0D-9023-360D6E24E905",
              "versionEndExcluding": "4.13.3",
              "versionStartIncluding": "4.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:it_service_intelligence:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE549D5E-7FAD-4F02-A1A0-51E3B67EFB92",
              "versionEndExcluding": "4.15.3",
              "versionStartIncluding": "4.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:it_service_intelligence:4.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD40ABCB-B22E-4733-833B-09C7DB6D19DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine."
    },
    {
      "lang": "es",
      "value": "En Splunk IT Service Intelligence (ITSI) versiones por debajo de 4.13.3, 4.15.3, o 4.17.1, un actor malicioso puede inyectar American National Standards Institute (ANSI) c\u00f3digos de escape en Splunk ITSI archivos de registro que, cuando una aplicaci\u00f3n de terminal vulnerable los lee, puede ejecutar c\u00f3digo malicioso en la aplicaci\u00f3n vulnerable. Este ataque requiere que un usuario utilice una aplicaci\u00f3n de terminal que traduzca los c\u00f3digos de escape ANSI para leer el archivo de registro malicioso localmente en el terminal vulnerable. La vulnerabilidad tambi\u00e9n requiere interacci\u00f3n adicional del usuario para tener \u00e9xito.\n\nLa vulnerabilidad no afecta directamente a Splunk ITSI. El impacto indirecto en Splunk ITSI puede variar significativamente dependiendo de los permisos en la aplicaci\u00f3n de terminal vulnerable, as\u00ed como d\u00f3nde y c\u00f3mo el usuario lee el archivo de registro malicioso. Por ejemplo, los usuarios pueden copiar el archivo malicioso de Splunk ITSI y leerlo en su m\u00e1quina local."
    }
  ],
  "id": "CVE-2023-4571",
  "lastModified": "2024-12-10T18:15:26.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "prodsec@splunk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-30T17:15:11.080",
  "references": [
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0810"
    }
  ],
  "sourceIdentifier": "prodsec@splunk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-117"
        }
      ],
      "source": "prodsec@splunk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.