← volver
CVE-2023-32713

Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream

CVSS 7.8 HIGHEPSS 0.3%CWE-269
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 jun 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Productos afectados
Splunk · Splunk App for Stream

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://advisory.splunk.com/advisories/SVD-2023-0607