← voltar
CVE-2023-3997

Unauthenticated Log Injection In Splunk SOAR

CVSS 8.6 HIGHEPSS 0.3%CWE-117
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
31 jul 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
Splunk · Splunk SOAR (Cloud)Splunk · Splunk SOAR (On-premises)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://advisory.splunk.com/advisories/SVD-2023-0702