CVE-2023-27533

high Splunk
CVSS v3 Base Score
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 70% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: March 30, 2023 (1140 days ago)
Last Modified: February 13, 2026
Vendor: Splunk

Description

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.

CWE

CWE-75

Affected Products

haxx curlfedoraproject fedoranetapp active iq unified managernetapp clustered data ontapnetapp h300s firmwarenetapp h500s firmwarenetapp h700s firmwarenetapp h410s firmwaresplunk universal forwarder

References

🔗 hackerone.com 🔗 lists.debian.org 🔗 lists.fedoraproject.org 🔗 security.gentoo.org 🔗 security.netapp.com