CVE-2023-32713

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2023-0607	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:splunk:splunk_app_for_stream:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-06-01 17:15

Updated : 2024-04-10 01:15

NVD link : CVE-2023-32713

Mitre link : CVE-2023-32713

CVE.ORG link : CVE-2023-32713

JSON object : View

Products Affected

splunk

splunk_app_for_stream

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2023-32713", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.1}]}, "published": "2023-06-01T17:15:10.453", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0607", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user."}], "lastModified": "2024-04-10T01:15:14.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk_app_for_stream:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1935738E-D4ED-4D2E-B984-FACD89EEAF7F", "versionEndExcluding": "8.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}

9.9 /10