Cyber Security

Splunk IT Service Intelligence Injection Flaw Let Attacker Inject ANSI Codes in Log Files

Splunk has been reported with a Unauthenticated Log injection vulnerability in the Splunk IT Service Intelligence (ITSI) product. This vulnerability exists in Splunk ITSI versions prior to 4.13.3 or 4.15.3. 

Splunk ITSI  is an Artificial Intelligence Operations (AIOps) powered monitoring and analytics solution that provides users with visibility about the health of critical IT and business services and their infrastructure.

CVE(s):

CVE-2023-4571: Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)

This vulnerability can be exploited by a threat actor by injecting an American National Standard Institute (ANSI) escape code inside the Splunk ITSI log files that can run malicious code in the vulnerable application if a vulnerable terminal application reads it. 

However, this vulnerability requires user interactions to be performed. The user must read the malicious log file using a terminal application that translates the ANSI escape codes in the vulnerable terminal.

This vulnerability can be exploited by threat actors to perform malicious actions like copying the malicious file from Splunk ITSI and reading it on their local machine.

The impact of this vulnerability on Splunk ITSI can vary depending upon the permission in the vulnerable terminal application. The CVSS score for this vulnerability has been given as 8.6 (High). 

Remediation

As per the security advisory, Splunk has requested its users to upgrade to version 4.13.3 or 4.15.3 to patch this vulnerability. However, logs prior to the upgrade might still be at risk. To mitigate this, users are recommended to

  • Remove existing ITSI log files in $SPLUNK_HOME/var/log/splunk/ or $SPLUNK_HOME/var/run/splunk/dispatch//itsi_search.log
  • In the case of Windows, the log files are present in %SPLUNK_HOME%\var\log\splunk and %SPLUNK_HOME%\var\run\splunk\dispatch\\itsi_search.log, which must be removed.

Affected products

ProductVersionComponentAffected VersionFix Version
Splunk ITSI4.134.13.0 to 4.13.24.13.3
Splunk ITSI4.154.15.0 to 4.15.24.15.3

Users of Splunk ITSI are recommended to upgrade to the latest version to fix this vulnerability and follow the mitigation steps provided. Organizations are getting targeted by multiple threat actors from different perspectives.

It is high time to take precautionary actions against all the identified vulnerabilities and patch them accordingly to prevent any disastrous events.

Source: https://cybersecuritynews.com/splunk-it-service-intelligence-flaw/

Click to comment

You May Also Like

Cyber Security

A group of Researchers unearthed critical code Proton Mail vulnerabilities that could have jeopardized the security of Proton Mail, a renowned privacy-focused webmail service. ...

Cyber Security

How a cornerstone cybersecurity program has evolved from information collection to active defense. The Cybersecurity and Infrastructure Security Agency has used its Continuous Diagnostics...

Cyber Security

We are glad to present the most recent news on cybersecurity in this week’s Threat and Vulnerability Roundup from Cyber Writes.  The latest attack...

Cyber Security

The cybercrime group evaded remediation efforts by installing persistent backdoors and deploying “new and novel malware.” A Chinese-linked hacking group that security researchers say...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO

Exit mobile version