CVE-2023-4571

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

30/08/2023

Last modified:

10/12/2024

Description

In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. <br /> <br /> The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 8.60 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

8.60

Severity 3.x

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:splunk:it_service_intelligence::::::::	4.13.0 (including)	4.13.3 (excluding)
cpe:2.3:a:splunk:it_service_intelligence::::::::	4.15.0 (including)	4.15.3 (excluding)
cpe:2.3:a:splunk:it_service_intelligence:4.17.0:::::::*

To consult the complete list of CPE names with products and versions, see this page

CVE-2023-4571

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools