CVE-2017-5607

Splunk Enterprise - Information Disclosure

Severity Score

3.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.

Splunk Enterprise 5.0.x en versiones anteriores a 5.0.18, 6.0.x en versiones anteriores a 6.0.14, 6.1.x en versiones anteriores a 6.1.13, 6.2.x en versiones anteriores a 6.2.13.1, 6.3.x en versiones anteriores a 6.3.10, 6.4.x en versiones anteriores a 6.4.6, Y 6.5.x en versiones anteriores a 6.5.3 y Splunk Light en versiones anteriores a 6.5.2 asigna la propiedad $C JS al espacio de nombres global de Window, lo que podría permitir a los atacantes remotos obtener información sensible relacionada con el nombre de usuario y la versión a través de una página web manipulada.

Attackers can siphon information from Splunk Enterprise if an authenticated Splunk user visits a malicious webpage. Some useful data gained is the currently logged in username and if remote user setting is enabled. After, the username can be use to Phish or Brute Force Splunk Enterprise login. Additional information stolen may aid in furthering attacks.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-01-28 CVE Reserved
2017-04-01 CVE Published
2024-08-05 CVE Updated
2024-08-05 First Exploit
2024-10-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/97265	Third Party Advisory
http://www.securityfocus.com/bid/97286	Third Party Advisory
http://www.securitytracker.com/id/1038170	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/41779	2024-08-05
http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt	2024-08-05
http://seclists.org/fulldisclosure/2017/Mar/89	2024-08-05
http://www.securityfocus.com/archive/1/540346/100/0/threaded	2024-08-05

URL	Date	SRC

URL	Date	SRC
https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607	2019-03-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Splunk Search vendor "Splunk"		Splunk Search vendor "Splunk" for product "Splunk"				<= 6.5.1 Search vendor "Splunk" for product "Splunk" and version " <= 6.5.1"		light		Affected
Splunk Search vendor "Splunk"		Splunk Search vendor "Splunk" for product "Splunk"				>= 5.0.0 < 5.0.18 Search vendor "Splunk" for product "Splunk" and version " >= 5.0.0 < 5.0.18"		enterprise		Affected
Splunk Search vendor "Splunk"		Splunk Search vendor "Splunk" for product "Splunk"				>= 6.0.0 < 6.0.14 Search vendor "Splunk" for product "Splunk" and version " >= 6.0.0 < 6.0.14"		enterprise		Affected
Splunk Search vendor "Splunk"		Splunk Search vendor "Splunk" for product "Splunk"				>= 6.1.0 < 6.1.13 Search vendor "Splunk" for product "Splunk" and version " >= 6.1.0 < 6.1.13"		enterprise		Affected
Splunk Search vendor "Splunk"		Splunk Search vendor "Splunk" for product "Splunk"				>= 6.2.0 < 6.2.13.1 Search vendor "Splunk" for product "Splunk" and version " >= 6.2.0 < 6.2.13.1"		enterprise		Affected
Splunk Search vendor "Splunk"		Splunk Search vendor "Splunk" for product "Splunk"				>= 6.3.0 < 6.3.10 Search vendor "Splunk" for product "Splunk" and version " >= 6.3.0 < 6.3.10"		enterprise		Affected
Splunk Search vendor "Splunk"		Splunk Search vendor "Splunk" for product "Splunk"				>= 6.4.0 < 6.4.6 Search vendor "Splunk" for product "Splunk" and version " >= 6.4.0 < 6.4.6"		enterprise		Affected
Splunk Search vendor "Splunk"		Splunk Search vendor "Splunk" for product "Splunk"				>= 6.5.0 < 6.5.3 Search vendor "Splunk" for product "Splunk" and version " >= 6.5.0 < 6.5.3"		enterprise		Affected