Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-4571— Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)

CVSS 8.6 · High EPSS 0.07% · P22
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-4571

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
日志输出的转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Splunk 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据,包括所有IT系统和基础结构(物理、虚拟机和云)生成的数据。 Splunk IT Service Intelligence 存在注入漏洞,该漏洞源于可以将 ANSI 转义码注入 Splunk ITSI 日志文件中。当易受攻击的终端应用程序读取这些文件时,可以在易受攻击的应用程序中运行恶意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SplunkSplunk ITSI 4.13 ~ 4.13.3 -

II. Public POCs for CVE-2023-4571

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-4571

登录查看更多情报信息。

Same Patch Batch · Splunk · 2023-08-30 · 8 CVEs total

CVE-2023-405958.8 HIGHRemote Code Execution via Serialized Session Payload
CVE-2023-405988.5 HIGHCommand Injection in Splunk Enterprise Using External Lookups
CVE-2023-405928.4 HIGHReflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
CVE-2023-405977.8 HIGHAbsolute Path Traversal in Splunk Enterprise Using runshellscript.py
CVE-2023-405967.0 HIGHSplunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definit
CVE-2023-405946.5 MEDIUMDenial of Service (DoS) via the ‘printf’ Search Function
CVE-2023-405936.3 MEDIUMDenial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request

IV. Related Vulnerabilities

Same vendor: Splunk
Same weakness: CWE-117

V. Comments for CVE-2023-4571

No comments yet

Leave a comment