#VU78799 OS Command Injection in Splunk Security Orchestration, Automation and Response (SOAR) - CVE-2023-3997

Published: July 31, 2023


Vulnerability identifier: #VU78799
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-3997
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Splunk Security Orchestration, Automation and Response (SOAR)
Software vendor:
Splunk Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker can send a maliciously crafted web request containing special ANSI characters and inject arbitrary entries into the log file, which can lead to remote OS command execution when the log file is viewed via the terminal.
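A defensive check for the log-injection mechanism described above, as an added example that is not from the advisory or from Splunk: it escapes control characters in untrusted request fields before they are logged, and flags existing log lines that carry terminal escape sequences so they can be reviewed without a terminal interpreting them. The function names and the sample log lines are constructed for illustration.

```python
import re

# C0 controls except tab, DEL, and C1 controls. This covers ESC (0x1b),
# CR/LF (used to forge extra log entries) and the 8-bit CSI (0x9b).
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f\x80-\x9f]")
# Bytes that start a terminal escape sequence: ESC, DCS, CSI, OSC.
_ESCAPE = re.compile(r"[\x1b\x90\x9b\x9d]")


def neutralize(field: str) -> str:
    """Render one untrusted field so a terminal shows it as inert text."""
    # Escape backslashes first so the \xNN notation stays unambiguous.
    field = field.replace("\\", "\\\\")
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), field)


def scan_log(lines):
    """Return (line_number, safe_rendering) for lines with escape sequences."""
    hits = []
    for number, line in enumerate(lines, start=1):
        body = line.rstrip("\r\n")
        if _ESCAPE.search(body):
            hits.append((number, neutralize(body)))
    return hits


# Constructed sample log: lines 2 and 3 carry harmless colour and
# erase-line sequences standing in for attacker-supplied input.
SAMPLE_LOG = [
    '2023-07-31 10:00:01 INFO GET /login 200 agent="Mozilla/5.0"\n',
    '2023-07-31 10:00:02 WARN GET /x\x1b[31m 404 agent="curl"\n',
    '2023-07-31 10:00:03 INFO GET /y 200 agent="a\x1b[2Kb"\n',
]

if __name__ == "__main__":
    for number, rendering in scan_log(SAMPLE_LOG):
        print(f"line {number}: {rendering}")
```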


Remediation

Install updates from the vendor's website.
