Main Vulnerability Database SB2023100634

SB2023100634 - MitM attack in Elastic Beats

Published: October 6, 2023

Security Bulletin ID SB2023100634

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Certificate Validation (CVE-ID: CVE-2023-31421)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the application does not verify whether the server certificate is valid for the target IP address. When the client is configured to connect to an IP address instead of a hostname, it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected. A remote attacker can perform MitM attack.

Remediation

Install update from vendor's website.

References

https://www.elastic.co/community/security#ESA-2023-16