ANSI Escape Injection in Splunk ITSI <4.13.3/4.15.3/4.17.1
CVE-2023-4571 Published on August 30, 2023
Unauthenticated Log Injection in Splunk IT Service Intelligence (ITSI)
In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed.
The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.
Weakness Type
Improper Output Neutralization for Logs
The software does not neutralize or incorrectly neutralizes output that is written to logs.
Products Associated with CVE-2023-4571
Want to know whenever a new CVE is published for Splunk It Service Intelligence? stack.watch will email you.
Affected Versions
Splunk ITSI:- Version 4.13 and below 4.13.3 is affected.
- Version 4.15 and below 4.15.3 is affected.
- Version 4.17 and below 4.17.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.