Security restrictions bypass in Elastic beats



Published: 2019-03-27
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-7613
CWE-ID CWE-778
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Beats
Server applications / Other server solutions

Vendor Elastic Stack

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Insufficient logging

EUVDB-ID: #VU18082

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-7613

CWE-ID: CWE-778 - Insufficient Logging

Exploit availability: No

Description

The vulnerability allows a remote attacker disrupt logging functionality of the application.

The vulnerability exists due to insufficient sanitization of user-supplied input when writing events into log files within the Winlogbeat. A remote attacker with ability to supply specially crafted characters to the Elasticsearch application can inject certain characters into a log entry could prevent Winlogbeat from recording the event.

Successful exploitation of the vulnerability may allow attackers to hide their  malicious activity on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Beats: 5.6.0 - 6.6.1

External links

http://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###