VDB

CVE-2023-4571

CVE-2023-4571 PUBLISHED CVSS 8.600000381469727 HIGH

In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.

EPSS 0.08% · 24.5th percentile

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.08%
24.5th percentile

Affected Products

VendorProductVersions
splunkit_service_intelligence4.15.0, 4.17.0, 4.13.0
SplunkSplunk ITSI4.13, 4.15, 4.17

Exploit Intelligence

Timeline

  • Aug 30, 2023 CVE Published
  • Aug 31, 2023 EPSS Score
  • Oct 3, 2023 EPSS Score
  • Nov 5, 2023 EPSS Score
  • Dec 7, 2023 EPSS Score
  • Jan 9, 2024 EPSS Score
  • Feb 11, 2024 EPSS Score
  • Mar 15, 2024 EPSS Score
  • Apr 17, 2024 EPSS Score
  • May 20, 2024 EPSS Score
  • Jun 21, 2024 EPSS Score
  • Jul 24, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›