WARNING: VULNERABILITY IN SPLUNK ENTERPRISE CAN LEAD TO REMOTE CODE EXECUTION (RCE), PATCH IMMEDIATELY
CVE-2023-46214
CVSS: 8.0 (HIGH) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Sources
Risks
Exploitation of CVE-2023-46214 can lead to remote code execution (RCE) through insecure XML parsing.
The vulnerability is actively discussed and referenced in forums and on other platforms. Proof-of-concept exploit code exists. A compromise could have a high impact on confidentiality, integrity and availability.
Splunk offers a solution to mitigate the risk.
Description
Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) supplied by users. An attacker could upload a malicious XSLT which could result in remote code execution (RCE) on the Splunk Enterprise instance.
Recommended actions
The Centre for Cyber Security Belgium (CCB) strongly recommends following Splunk's advisory and upgrading to Splunk Enterprise 9.0.7 or 9.1.2.
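
To apply this recommendation across several instances, the following added example (not part of the CCB or Splunk advisory) triages an inventory of `splunk version` outputs against the two fixed releases named above. It assumes 9.0.7 and 9.1.2 are the fixes for the 9.0 and 9.1 branches respectively and sends any other branch to manual review; the hostnames and build strings are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by release branch (major, minor).
# Assumption: each fixed release applies to its own branch only.
FIXED = {(9, 0): (9, 0, 7), (9, 1): (9, 1, 2)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def triage(version_text):
    """Classify one Splunk Enterprise version string against the fixed releases."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparsed"
    ver = tuple(int(x) for x in m.groups())
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        # Branch not named on the page: do not guess, send to manual review.
        return "check-advisory"
    return "fixed" if ver >= fixed else "upgrade"


def triage_inventory(lines):
    """Map 'host,version text' inventory lines to {host: status}."""
    report = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        report[host.strip()] = triage(version_text)
    return report


# Constructed sample inventory (hostnames and build ids are made up).
SAMPLE = """\
# host,output of `splunk version`
sh01.example.internal,Splunk 9.0.5 (build 000000000000)
sh02.example.internal,Splunk 9.0.7 (build 000000000000)
idx01.example.internal,Splunk 9.1.1 (build 000000000000)
idx02.example.internal,Splunk 9.1.2 (build 000000000000)
hf01.example.internal,Splunk 8.2.12 (build 000000000000)
hf02.example.internal,version unknown
""".splitlines()

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:26} {status}")
```

Hosts reported as `check-advisory` or `unparsed` need to be checked by hand against Splunk's advisory.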