An exploit for the critical RCE vulnerability is already available for download.
An independent cybersecurity researcher has released a Proof-of-Concept (PoC) exploit for the RCE vulnerability CVE-2023-46214 in Splunk, the popular data monitoring and analysis system, or more precisely in the company's Enterprise product. The vulnerability allows remote execution of arbitrary code on vulnerable servers and is therefore rated high severity (8.8 points on the CVSS scale).
Splunk Enterprise is a solution for collecting and analyzing a variety of data generated by an organization's infrastructure and business applications. This data is then used to generate useful insights to help improve security, compliance, application delivery, IT operations, and other aspects of the business.
Splunk's hundreds of customers include many world-renowned companies, including Intel, Lenovo, Zoom, Bosch, Coca-Cola, Papa Johns, Honda, Puma, and others.
CVE-2023-46214 stems from incorrect filtering of the Extensible Stylesheet Language Transformations (XSLT) that Splunk users can upload. This allows potential attackers to submit malicious XSLT code that leads to remote code execution on the Splunk Enterprise server.
According to information from Splunk developers, the vulnerability affects versions from 9.0.0 to 9.0.6 and from 9.1.0 to 9.1.1. Also affected are Splunk Enterprise 8.x versions and the Splunk Cloud service below version 9.1.2308.
The security researcher who published the exploit reviewed the vulnerability in as much detail as possible in a separate report. According to that report, launching an attack requires prior authentication in the system (knowledge of valid user credentials), as well as some user interaction on the target server.
Splunk developers have already released updates 9.0.7 and 9.1.2, which address CVE-2023-46214. If an immediate update is not possible, we recommend disabling the ability of search job requests to accept XML stylesheets (XSL) as a temporary measure. In addition, the Splunk team has published detailed information about the vulnerability, which may be useful for security specialists.
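A triage sketch for the version ranges and the temporary measure described above, added here as an example and not taken from the article or from Splunk. It assumes the workaround is expressed as `enableSearchJobXslt = false` in the `[settings]` stanza of `web.conf` (a Splunk setting the article does not name); the function names and sample values are constructed.

```python
import configparser

# Affected Splunk Enterprise ranges as stated in the article (inclusive).
AFFECTED_ENTERPRISE = [((9, 0, 0), (9, 0, 6)), ((9, 1, 0), (9, 1, 1))]
CLOUD_FIXED = (9, 1, 2308)  # Splunk Cloud below this version is affected


def parse_version(text):
    """'9.0.6' -> (9, 0, 6); pads or truncates to three components."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version, product="enterprise"):
    """True if the version falls in a range the article lists as affected."""
    v = parse_version(version)
    if product == "cloud":
        return v < CLOUD_FIXED
    if v[0] == 8:  # the article lists all of 8.x as affected
        return True
    return any(lo <= v <= hi for lo, hi in AFFECTED_ENTERPRISE)


def xslt_disabled(web_conf_text):
    """True if web.conf turns off XSL input for search job requests.

    Assumption: the key is [settings] enableSearchJobXslt, default true.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep key case as written in the file
    # Splunk .conf files may start with keys outside any stanza.
    cp.read_string("[default]\n" + web_conf_text)
    value = cp.get("settings", "enableSearchJobXslt", fallback="true")
    return value.strip().lower() in ("false", "0", "f", "no")


def triage(version, web_conf_text="", product="enterprise"):
    """Classify one instance from its version and its web.conf contents."""
    if not is_affected(version, product):
        return "not affected"
    if product == "enterprise" and xslt_disabled(web_conf_text):
        return "affected, workaround applied: schedule upgrade"
    return "affected: upgrade to 9.0.7 / 9.1.2 or later"


def triage_inventory(inventory):
    """inventory: {host: (version, web_conf_text)} -> {host: status}."""
    return {host: triage(ver, conf) for host, (ver, conf) in inventory.items()}
```

The workaround status is reported separately from "not affected" because the article presents it only as a temporary measure until 9.0.7 or 9.1.2 is installed.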