Main Vulnerability Database SB2019032701

SB2019032701 - Security restrictions bypass in Elastic beats

Published: March 27, 2019

Security Bulletin ID SB2019032701

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficient logging (CVE-ID: CVE-2019-7613)

The vulnerability allows a remote attacker disrupt logging functionality of the application.

The vulnerability exists due to insufficient sanitization of user-supplied input when writing events into log files within the Winlogbeat. A remote attacker with ability to supply specially crafted characters to the Elasticsearch application can inject certain characters into a log entry could prevent Winlogbeat from recording the event.

Successful exploitation of the vulnerability may allow attackers to hide their malicious activity on the system.

Remediation

Install update from vendor's website.

References

https://discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180