Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
CVE-2023-4571

8.6 HIGH

Key Information:

Vendor: Splunk
CVE Published: 30 August 2023

Summary

In vulnerable versions of Splunk IT Service Intelligence (ITSI), malicious actors can exploit a code injection vulnerability by injecting ANSI escape codes into log files. When users read these log files with a vulnerable terminal application, the injected escape codes can execute unwanted commands on their systems. Although this vulnerability does not directly impact Splunk ITSI, it poses a risk based on the permissions of the terminal application and how users interact with malicious log files. Successful exploitation requires users to inadvertently use a terminal that processes these escape codes, further emphasizing the need for caution when handling log files from Splunk ITSI.
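
A defender-side check for the issue described above, as an added example that is not from Splunk or this advisory: it flags log lines that contain terminal control characters and rewrites them into a printable form before anyone opens the file in a terminal. The sample lines, function names and regular expressions are assumptions made for illustration.

```python
import re

# Constructed sample log lines (not from the advisory); lines 2 and 3 carry escape sequences.
SAMPLE_LOG = [
    "2023-08-30 10:00:01 INFO service=kpi_refresh status=ok",
    "2023-08-30 10:00:02 WARN user=\x1b[31madmin\x1b[0m action=login",
    "2023-08-30 10:00:03 INFO title=\x1b]0;constructed\x07 done",
]

# ESC-introduced sequences, tried in order: CSI, then string sequences
# (OSC/DCS/SOS/PM/APC, ended by BEL or ST), then any other ESC sequence.
ESCAPE_SEQ = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b[\]PX^_][^\x07\x1b]*(?:\x07|\x1b\\)?"
    r"|\x1b[ -/]*[0-~]?"
)
# C0 controls except tab, DEL, and C1 controls (U+0080-U+009F).
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralize(line):
    """Replace each control character with a printable \\xNN form."""
    return CONTROL.sub(lambda m: f"\\x{ord(m.group()):02x}", line)


def find_escapes(line):
    """Return the escape sequences found in a line, in neutralized form."""
    return [neutralize(seq) for seq in ESCAPE_SEQ.findall(line)]


def scan(lines):
    """Return (line_number, sequences, safe_line) for lines with control characters."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if CONTROL.search(line):
            findings.append((number, find_escapes(line), neutralize(line)))
    return findings


if __name__ == "__main__":
    for number, sequences, safe in scan(SAMPLE_LOG):
        print(f"line {number}: {sequences}")
        print(f"  {safe}")
```

Lines passed to `scan` are expected to have their trailing newline stripped, since a newline is itself a control character and would be flagged.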

Affected Version(s)

Splunk ITSI 4.13 < 4.13.3

Splunk ITSI 4.15 < 4.15.3

Splunk ITSI 4.17 < 4.17.1

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

STÖK / Fredrik Alexandersson