CVE-2023-32712

CWE-117CWE-1163 documents3 sources
Severity
3.1LOW
EPSS
0.3%
top 46.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Splunk EnterpriseSplunk Universal ForwarderSplunk Splunk
Timeline
PublishedJun 1

Description

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the vulnerable application. This attack requires a user to use a terminal application that supports the translation of ANSI escape codes to read the malicious log file locally in the vulnerable terminal, and

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages3 packages

CVEListV5splunk/universal_forwarder8.28.2.12+2
CVEListV5splunk/splunk_enterprise8.28.2.11.2+2
NVDsplunk/splunk8.1.08.1.14+2

🔴Vulnerability Details

2
GHSA
GHSA-v72v-m6vq-49vh: In Splunk Enterprise versions below 92023-06-01
CVEList
Unauthenticated Log Injection in Splunk Enterprise2023-06-01