PT-2023-29657 · Splunk · Splunk IT Service Intelligence

Fredrik Alexandersson · Published 2023-08-30 · Updated 2024-12-10 · CVE-2023-4571

CVSS v3.1: 8.6 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Splunk IT Service Intelligence (ITSI) versions prior to 4.13.3
Splunk IT Service Intelligence (ITSI) versions prior to 4.15.3
Splunk IT Service Intelligence (ITSI) versions prior to 4.17.1

Description

A malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files. When a vulnerable terminal application reads these log files, it can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file.

Recommendations

For versions prior to 4.13.3, update to version 4.13.3 or later.
For versions prior to 4.15.3, update to version 4.15.3 or later.
For versions prior to 4.17.1, update to version 4.17.1 or later.

As a temporary workaround, consider avoiding the use of terminal applications that translate ANSI escape codes to read log files from Splunk ITSI until a patch is applied. Restrict access to log files and limit user interaction with potentially malicious files to minimize the risk of exploitation.
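
The workaround above comes down to never letting a terminal interpret raw control characters from an ITSI log. As an added example (not Splunk's code and not part of the advisory), this Python script flags log lines that contain control characters and prints them with the escapes made visible; the sample lines and all function names are constructed for illustration.

```python
import re
import sys

# Characters a terminal may act on: C0 controls (tab excepted), DEL, C1 controls.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")
# Common escape-sequence shapes, used only to label a finding.
SEQUENCES = [
    ("CSI", re.compile(r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]")),
    ("OSC", re.compile(r"(?:\x1b\]|\x9d)[^\x07\x1b\x9c]*(?:\x07|\x1b\\|\x9c)?")),
]

def neutralize(text):
    """Replace every control character with a visible \\xNN escape."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)

def scan(lines):
    """Return (line number, labels, neutralized text) for each suspicious line."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        line = re.sub(r"\r?\n\Z", "", raw)  # drop the line ending only
        if not CONTROL.search(line):
            continue
        labels = [name for name, rx in SEQUENCES if rx.search(line)]
        findings.append((number, labels or ["control"], neutralize(line)))
    return findings

# Constructed sample log lines (not taken from a real ITSI log).
SAMPLE = [
    '2023-08-30 12:00:01 INFO service=itsi msg="health check ok"\n',
    '2023-08-30 12:00:02 WARN user="\x1b[2J\x1b[31mroot\x1b[0m" login failed\n',
    '2023-08-30 12:00:03 WARN title="\x1b]0;spoofed title\x07" rejected\n',
    '2023-08-30 12:00:04 INFO note="done\rOVERWRITE"\n',
]

def main(argv):
    if len(argv) > 1:
        # newline="\n" keeps a lone CR inside the line; undecodable bytes stay visible
        with open(argv[1], encoding="utf-8", errors="backslashreplace", newline="\n") as fh:
            findings = scan(fh)
    else:
        findings = scan(SAMPLE)
    for number, labels, safe in findings:
        print(f"line {number} [{','.join(labels)}]: {safe}")
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with a log file path as the only argument; the exit status is 1 when any line was flagged, so it can gate a review step before the file is opened in a terminal.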

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2023-4571

Affected Products

Splunk IT Service Intelligence