Splunk RCE Vulnerability Let Attackers Upload Malicious File

by Esmeralda McKenzie

A high-severity Remote Code Execution (RCE) flaw in Splunk Enterprise has been found, enabling an attacker to upload malicious files.

Versions of Splunk Enterprise lower than 9.0.7 and 9.1.2 do not properly sanitize user-supplied extensible stylesheet language transformations (XSLT). This means that a malicious XSLT can be uploaded by an attacker, which can trigger remote code execution on the Splunk Enterprise instance.

Specifics of the Splunk RCE Flaw

With a CVSSv3.1 score of 8.0, this vulnerability is classified as high severity and tracked as CVE-2023-46214.

“In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users provide,” according to the Splunk advisory.

The attack can be triggered remotely, and the modification causes an XML injection. Because the product does not correctly neutralize XML’s special elements, attackers can alter the XML commands, content, or syntax before an end system processes it.

According to a researcher who outlines the process of identifying the vulnerability using the full proof-of-concept exploit and the CVE description, the following steps were followed:

  • Crafted valid XSL file
  • Determined requirements to reach vuln code
  • Identified vulnerable endpoint
  • Predictable upload file location
  • Know where to write script
  • Style script
[Figure: Discovering an Endpoint]

Fixed Version

[Figure: Splunk Versions]

Recommendation

It is recommended that users update to Splunk Enterprise version 9.0.7 or 9.1.2.
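
A version triage for the recommendation above, as an added example that is not part of the original article or of Splunk's tooling: it flags inventory entries below the fixed releases named here (9.0.7 and 9.1.2). The host names and version strings are constructed, and releases outside the 9.0 and 9.1 branches are reported as "check-advisory" because the article does not cover them.

```python
import re

# Fixed release per branch, as stated in the article: 9.0.7 and 9.1.2.
FIXED = {(9, 0): (9, 0, 7), (9, 1): (9, 1, 2)}

# Constructed sample inventory (host name -> reported Splunk Enterprise version).
INVENTORY = {
    "idx-01": "9.0.6",
    "idx-02": "9.0.4.1",
    "sh-01": "Splunk 9.1.1 (build abc)",
    "sh-02": "9.1.2",
    "hf-01": "9.0.7",
    "lab-01": "8.2.12",
}


def parse_version(text):
    """Extract the first dotted version from text as a tuple of ints."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in match.group().split("."))
    return parts + (0,) * (3 - len(parts))  # pad '9.1' to (9, 1, 0)


def triage(version_text):
    """Return (status, fixed_version) for one reported version string.

    status is 'affected', 'fixed', or 'check-advisory' (branch not named
    in the article, so no conclusion is drawn here).
    """
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return ("check-advisory", None)
    # Compare within the branch: 9.1.0 is affected even though it is > 9.0.7.
    if version < fixed:
        return ("affected", ".".join(str(n) for n in fixed))
    return ("fixed", None)


def needs_update(inventory):
    """Sorted host names whose version is below the fixed release of its branch."""
    return sorted(h for h, v in inventory.items() if triage(v)[0] == "affected")


if __name__ == "__main__":
    for host, reported in sorted(INVENTORY.items()):
        print(host, reported, *triage(reported))
```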

Source credit : cybersecuritynews.com