Rewterz Threat Alert – Bitter APT Group – Active IOCs

May 5, 2023

Rewterz Threat Advisory – CVE-2023-31413 – Elastic Filebeat Vulnerability

May 5, 2023

Rewterz Threat Advisory – Multiple Elastic Kibana Vulnerabilities

May 5, 2023

Severity

High

Analysis Summary

CVE-2023-31414 CVSS:8.2

Elastic Kibana could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted payload, an attacker could exploit this vulnerability to execute arbitrary code with permissions of the Kibana process on the system.

CVE-2023-31415 CVSS:9.9

Elastic Kibana could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation by the Uptime/Synthetics feature. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with permissions of the Kibana process on the system.

Impact

Code Execution

Indicators Of Compromise

CVE

CVE-2023-31414
CVE-2023-31415

Affected Vendors

Elastic

Affected Products

Elastic Kibana 8.0.0 to 8.7.0

Remediation

Refer to Elasticsearch for patch, upgrade or suggested workaround information.

Elasticsearch Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Python RAT Uses Discord Interface to Execute Remote Attacks

Critical Alert: Jordanian Banks Under Siege by Everest Ransomware Group

The SocGholish-RansomHub Connection – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Bitter APT Group – Active IOCs

Rewterz Threat Advisory – CVE-2023-31413 – Elastic Filebeat Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.