CVE-2023-46214
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
En las versiones de Splunk Enterprise inferiores a 9.0.7 y 9.1.2, Splunk Enterprise no sanitiza de forma segura las transformaciones de lenguaje de hojas de estilo extensibles (XSLT) que proporcionan los usuarios. Esto significa que un atacante puede cargar XSLT malicioso, lo que puede provocar la ejecución remota de código en la instancia de Splunk Enterprise.
*Credits:
Alex Hordijk
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-18 CVE Reserved
- 2023-11-16 CVE Published
- 2024-10-30 CVE Updated
- 2024-11-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-91: XML Injection (aka Blind XPath Injection)
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/nathan31337/Splunk-RCE-poc | ||
https://blog.hrncirik.net/cve-2023-46214-analysis |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Splunk Search vendor "Splunk" | Cloud Search vendor "Splunk" for product "Cloud" | < 9.1.2308 Search vendor "Splunk" for product "Cloud" and version " < 9.1.2308" | - |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Search vendor "Splunk" for product "Splunk" | >= 9.0.0 < 9.0.7 Search vendor "Splunk" for product "Splunk" and version " >= 9.0.0 < 9.0.7" | enterprise |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Search vendor "Splunk" for product "Splunk" | >= 9.1.0 < 9.1.2 Search vendor "Splunk" for product "Splunk" and version " >= 9.1.0 < 9.1.2" | enterprise |
Affected
|