← back
CVE-2023-3997

Unauthenticated Log Injection In Splunk SOAR

CVSS 8.6 HIGHEPSS 0.3%CWE-117
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.3%KEV nãoPoC Patch
Lifecycle
31 Jul 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Splunk · Splunk SOAR (Cloud)Splunk · Splunk SOAR (On-premises)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://advisory.splunk.com/advisories/SVD-2023-0702