Improper Certificate Validation in Beats - CVE-2023-31421
Published: October 6, 2023
Vulnerability identifier: #VU81680
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-31421
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Beats
Beats
Software vendor:
Elastic Stack
Elastic Stack
Description
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to the application does not verify whether the server certificate is valid for the target IP address. When the client is configured to connect to an IP address instead of a
hostname, it does not validate the server certificate's IP SAN values
against that IP address and certificate validation fails, and therefore
the connection is not blocked as expected. A remote attacker can perform MitM attack.
Remediation
Install updates from vendor's website.