Splunk IT Service Intelligence Injection Flaw Let Attacker Inject ANSI Codes in Log Files
An unauthenticated log injection vulnerability has been reported in the Splunk IT Service Intelligence (ITSI) product. This vulnerability exists in Splunk ITSI versions earlier than 4.13.3 or 4.15.3.
Splunk ITSI is an Artificial Intelligence for IT Operations (AIOps) powered monitoring and analytics solution that gives users visibility into the health of critical IT and business services and their infrastructure.
CVE(s):
CVE-2023-4571: Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
This vulnerability can be exploited by a threat actor who injects an American National Standards Institute (ANSI) escape code into the Splunk ITSI log files, which can run malicious code in the vulnerable application if a vulnerable terminal application reads it.
However, this vulnerability requires user interaction. The user must read the malicious log file using a terminal application that translates the ANSI escape codes in the vulnerable terminal.
This vulnerability can also be exploited by threat actors to perform malicious actions like copying the malicious file from Splunk ITSI and reading it on their local machine.
The impact of this vulnerability on Splunk ITSI can vary depending upon the permissions in the vulnerable terminal application. The CVSS score for this vulnerability has been given as 8.6 (High).
Remediation
As per the security advisory, Splunk has asked its users to upgrade to version 4.13.3 or 4.15.3 to patch this vulnerability. However, logs from before the upgrade might still be at risk. To mitigate this, users are advised to:
- Remove existing ITSI log files in $SPLUNK_HOME/var/log/splunk/ or $SPLUNK_HOME/var/run/splunk/dispatch//itsi_search.log
- In the case of Windows, the log files are present in %SPLUNK_HOME%\var\log\splunk and %SPLUNK_HOME%\var\run\splunk\dispatch\itsi_search.log, which have to be removed.
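When a pre-upgrade ITSI log has to be reviewed before it is removed, it can be checked for escape sequences and rendered as inert text instead of being printed raw to a terminal. The following is an added example, not code from Splunk or the advisory; the function names and the sample log lines are constructed for illustration.

```python
import re
import sys

# ESC (0x1b) introduces ANSI sequences. Order matters: CSI and OSC first,
# then any other two-byte escape or a bare ESC.
ANSI_SEQ = re.compile(
    rb"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: colours, cursor movement
    rb"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?"  # OSC: window title and similar
    rb"|\x1b[@-Z\\-_]?"                      # other escapes or a lone ESC
)

def visible(raw: bytes) -> str:
    """Render bytes as text, showing every non-printable byte as \\xNN."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}" for b in raw)

def scan(data: bytes):
    """Return (line_number, sequence) for each ANSI sequence in the data."""
    return [(n, visible(m.group()))
            for n, line in enumerate(data.split(b"\n"), 1)
            for m in ANSI_SEQ.finditer(line)]

def safe_view(data: bytes) -> str:
    """Return the log as text a terminal will not interpret."""
    return "\n".join(visible(line) for line in data.split(b"\n"))

# Constructed sample: line 2 carries colour codes, line 3 a title sequence.
SAMPLE = (
    b"2023-08-30 12:00:01 INFO itsi_search user=alice action=login\n"
    b"2023-08-30 12:00:02 INFO itsi_search user=\x1b[31mbob\x1b[0m action=login\n"
    b"2023-08-30 12:00:03 WARN itsi_search title=\x1b]0;constructed\x07 end\n"
)

if __name__ == "__main__":
    # With file arguments, scan those files; otherwise use the sample.
    if sys.argv[1:]:
        inputs = []
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                inputs.append((path, fh.read()))
    else:
        inputs = [("<sample>", SAMPLE)]
    for name, data in inputs:
        for lineno, seq in scan(data):
            print(f"{name}:{lineno}: escape sequence {seq}")
        if not sys.argv[1:]:
            print(safe_view(data))
```

Files are read in binary mode so that no decoding step hides or alters the escape bytes before they are inspected.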
Affected products
Product | Version | Component | Affected Version | Fix Version |
Splunk ITSI | 4.13 | – | 4.13.0 to 4.13.2 | 4.13.3 |
Splunk ITSI | 4.15 | – | 4.15.0 to 4.15.2 | 4.15.3 |
Users of Splunk ITSI are advised to upgrade to the latest version to fix this vulnerability and follow the mitigation steps provided. Organizations are being targeted by multiple threat actors from a range of angles.
It is high time to take precautionary actions against all known vulnerabilities and patch them accordingly to prevent any disastrous events.
Source credit : cybersecuritynews.com