Splunk SOAR Unauthenticated Log Injection Lets Attackers Execute Malicious Code
Splunk has found a vulnerability that enables unauthenticated log injection, which could allow malicious actors to run malicious code on the system.
Splunk SOAR (Security Orchestration, Automation, and Response) is an application that can be used to automate repetitive tasks and respond to security incidents quickly, which leads to better productivity. It can also be used to automate responses using playbooks from one interface.
The vulnerability exists in Splunk SOAR, and exploiting it also requires a terminal application capable of translating ANSI escape codes. In addition, the terminal must have the required permissions for the vulnerability to be exploited.
CVE-2023-3997: Unauthenticated Log Injection In Splunk SOAR
A threat actor can exploit this vulnerability by sending a malicious web request to an endpoint in SOAR. When a terminal user attempts to view the poisoned logs, it results in malicious code execution on the system. The CVSS Score for this vulnerability is given as 8.6 (High).
This vulnerability, however, depends on the permissions of the terminal user who tries to read the log file. If the malicious log file is copied and read on a local machine, then the local machine is affected instead of the instance.
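One way to check a copied log file before viewing it in a terminal, as an added example that is not from the original article or from Splunk: it flags lines carrying ANSI escape or other control characters and rewrites them in a visible `\xNN` form so the terminal prints them as text. The function names and the sample log lines are constructed for illustration.

```python
import re

# C0 controls except tab, plus DEL and the C1 range. ESC (0x1b) and
# CSI (0x9b) are the bytes that start ANSI escape sequences.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")

# Recognised sequence shapes, used only to label findings in the report.
SEQUENCES = [
    ("CSI", re.compile(r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]")),
    ("OSC", re.compile(r"(?:\x1b\]|\x9d)[^\x07\x1b\x9c]*(?:\x07|\x1b\\|\x9c)?")),
    ("ESC", re.compile(r"\x1b[ -/]*[0-~]?")),
]

def classify(line):
    """Return the kinds of escape sequences found in one log line."""
    kinds, rest = [], line
    for name, pattern in SEQUENCES:
        if pattern.search(rest):
            kinds.append(name)
            rest = pattern.sub("", rest)
    if CONTROL.search(rest):
        kinds.append("CTRL")  # stray control byte outside a known sequence
    return kinds

def neutralize(line):
    """Replace every control byte with a visible \\xNN form so a terminal
    prints the sequence as text instead of interpreting it."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), line)

def scan(lines):
    """Yield (line_number, kinds, safe_text) for each line that carries
    terminal control characters."""
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        kinds = classify(line)
        if kinds:
            yield number, kinds, neutralize(line)

# Constructed sample log lines (not taken from a real SOAR instance).
SAMPLE = [
    '10.0.0.5 - - "GET /index HTTP/1.1" 200\n',
    '10.0.0.9 - - "GET /\x1b[31mred\x1b[0m HTTP/1.1" 404\n',
    '10.0.0.9 - - "GET /\x1b]0;new title\x07 HTTP/1.1" 404\n',
]

if __name__ == "__main__":
    for number, kinds, safe in scan(SAMPLE):
        print(f"line {number}: {','.join(kinds)}: {safe}")
```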
Affected Products and Fixed Versions
Product | Version | Component | Affected Version | Fix Version |
Splunk SOAR (On-premises) | 6.1 | SOAR | 6.0.1 and below | 6.1.0 |
Splunk SOAR (Cloud) | | SOAR | 6.0.1.123902 and below | 6.1.0.131 |
Splunk has released a security advisory for this vulnerability, which has more information regarding the attack vector, complexity, privileges, scope, and user interaction.
Users of Splunk SOAR are advised to upgrade to the latest versions to prevent this vulnerability from being exploited by threat actors.
Source credit : cybersecuritynews.com