Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence

Splunk on Wednesday announced patches for several high-severity vulnerabilities in Splunk Enterprise and IT Service Intelligence, along with flaws in third-party packages.

The most severe of the bugs resolved in Splunk Enterprise this month is CVE-2023-40595 (CVSS score of 8.8), which is described as a remote code execution issue exploitable using crafted queries.

“The exploit requires the use of the collect SPL command which writes a file within the Splunk Enterprise installation. The attacker can then use this file to submit a serialized payload that can result in execution of code within the payload,” Splunk explains in an advisory.

Next in line is CVE-2023-40598, a command injection vulnerability affecting a legacy internal function, which could be exploited to execute arbitrary code.

“The vulnerability revolves around the currently-deprecated runshellscript command that scripted alert actions use. This command, along with external command lookups, lets an attacker use this vulnerability to inject and execute commands within a privileged context from the Splunk platform instance,” Splunk explains.

The latest Splunk Enterprise releases also resolve a cross-site scripting (XSS) flaw (CVE-2023-40592), an absolute path traversal bug leading to code execution (CVE-2023-40597), and a privilege escalation issue resulting from an insecure path reference in a DLL (CVE-2023-40596).

All vulnerabilities were addressed with the release of Splunk Enterprise versions 8.2.12, 9.0.6, and 9.1.1, which also patch two medium-severity denial-of-service (DoS) flaws.

On Wednesday, Splunk also announced patches for an unauthenticated log injection bug (CVE-2023-4571, CVSS score of 8.6) in IT Service Intelligence.

The issue allows an attacker to inject ANSI escape codes into log files, resulting in malicious code being executed when the log file is read in a vulnerable terminal application.

While IT Service Intelligence is not directly impacted by the flaw, indirect impact results from the permissions the terminal application has, and from where and how the user reads the malicious log files.
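The log injection class described above is worth checking for on the defender's side: a reviewer who opens a log in a terminal should never hand it a raw ESC byte. The following is an added example, not Splunk's code and not derived from the advisory; it flags log lines carrying terminal escape sequences and renders control bytes as visible text before display. The sample lines are constructed.

```python
import re
from typing import Dict, List

# ESC-introduced sequences a terminal would interpret: CSI (ESC [ ... final byte),
# OSC (ESC ] ... terminated by BEL or ESC \), and two-byte escapes (ESC + one char).
ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: cursor moves, colours, screen clear
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC: window title, hyperlinks
    r"|\x1b[@-Z\\-_]"                       # two-byte escapes
)
# Any C0 control byte or DEL except tab and newline; this includes a bare ESC.
CTRL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")


def find_escape_sequences(line: str) -> List[str]:
    """Detection: return every terminal escape sequence embedded in a log line."""
    return ANSI_RE.findall(line)


def sanitize_log_line(line: str) -> str:
    """Mitigation: render control bytes as visible \\xNN text so the terminal
    never receives a raw ESC and cannot interpret whatever follows it."""
    return CTRL_RE.sub(lambda m: "\\x%02x" % ord(m.group(0)), line)


def scan_log(lines: List[str]) -> Dict[int, List[str]]:
    """Map each offending line index to the escape sequences it carries."""
    hits: Dict[int, List[str]] = {}
    for i, line in enumerate(lines):
        seqs = find_escape_sequences(line)
        if seqs:
            hits[i] = seqs
    return hits


# Constructed sample lines (not from any real Splunk ITSI log). Line 1 carries a
# screen-clear plus a coloured fake banner; line 2 sets the terminal title via OSC.
SAMPLE_LOG = [
    "2023-08-30T10:00:00Z INFO login user=alice status=ok",
    "2023-08-30T10:00:01Z INFO login user=\x1b[2J\x1b[1;31mSYSTEM NOTICE\x1b[0m status=fail",
    "2023-08-30T10:00:02Z INFO login user=\x1b]0;renamed\x07bob status=ok",
]

if __name__ == "__main__":
    for i, seqs in scan_log(SAMPLE_LOG).items():
        print(f"line {i}: {len(seqs)} escape sequence(s) -> {sanitize_log_line(SAMPLE_LOG[i])}")
```

Running the scanner over log exports before they are opened in a terminal (or piping through the sanitizer in the viewer) removes the dependence on the terminal application's own handling that the advisory describes.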

Splunk patched the vulnerability in IT Service Intelligence versions 4.13.3 and 4.15.3.

The software company makes no mention of any of these vulnerabilities being exploited in attacks. Additional information on the bugs can be found on Splunk’s security advisories page.

The updates Splunk announced on Wednesday also resolve several high-severity issues in third-party packages used in Splunk Enterprise, IT Service Intelligence, and Universal Forwarder.
