{"id":48042,"date":"2026-06-17T10:34:12","date_gmt":"2026-06-17T03:34:12","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=48042"},"modified":"2026-06-18T10:35:09","modified_gmt":"2026-06-18T03:35:09","slug":"splunk-va-lo-hong-nghiem-trong-cho-phep-hacker-chiem-quyen-may-chu-tu-xa","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/splunk-va-lo-hong-nghiem-trong-cho-phep-hacker-chiem-quyen-may-chu-tu-xa\/","title":{"rendered":"Splunk patches critical vulnerability that lets hackers take over servers remotely"},"content":{"rendered":"<div><b>Splunk, the data analytics and system monitoring platform, has just released a patch for an extremely severe security vulnerability in Splunk Enterprise that could allow attackers to execute code remotely without authentication. 
Experts warn that this is an especially dangerous class of vulnerability because it can be exploited directly over the network and lead to takeover of the entire enterprise monitoring system.<\/b><br \/>\n<\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"2285d016-51cc-437c-bc0a-953ebc6afe1b.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/2285d016-51cc-437c-bc0a-953ebc6afe1b-png.19162\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\" data-fancybox=\"lb-thread-19663\" data-caption=\"&lt;h4&gt;2285d016-51cc-437c-bc0a-953ebc6afe1b.png&lt;\/h4&gt;&lt;p&gt;&lt;a href=&quot;https:&amp;#x2F;&amp;#x2F;whitehat.vn&amp;#x2F;threads&amp;#x2F;splunk-va-lo-hong-nghiem-trong-cho-phep-hacker-chiem-quyen-may-chu-tu-xa.19663&amp;#x2F;#post-45230&quot; class=&quot;js-lightboxCloser&quot;&gt;WhiteHat Team \u00b7 15&amp;#x2F;06&amp;#x2F;2026 at 4:32 PM&lt;\/a&gt;&lt;\/p&gt;\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"2285d016-51cc-437c-bc0a-953ebc6afe1b.png\" src=\"https:\/\/whitehat.vn\/attachments\/2285d016-51cc-437c-bc0a-953ebc6afe1b-png.19162\/\" alt=\"2285d016-51cc-437c-bc0a-953ebc6afe1b.png\" width=\"1409\" height=\"736\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<div>\nThe vulnerability is tracked as CVE-2026-20253 and has a CVSS score of 9.8\/10, close to the maximum on the severity scale. According to Splunk and security researchers, the flaw resides in the PostgreSQL sidecar service component of Splunk Enterprise, where the HTTP request handling does not properly check authentication. 
This allows a remote attacker to send malicious requests to create or overwrite arbitrary files on the underlying operating system without needing a login account.<\/p>\n<p>What is worrying is that the vulnerability requires no user interaction and no admin privileges, and can be exploited remotely if the Splunk system is exposed to the internal network or the Internet. According to analysis by Orca Security, an attacker can leverage the file-write capability to plant malicious code, destroy data, or escalate step by step to remote code execution.<\/p><\/div>\n<div>Why is this vulnerability especially dangerous?<\/div>\n<div>Splunk is a platform widely used in SOCs, SIEM systems, log monitoring, security analytics and IT infrastructure operations. 
Many large enterprises, banks, government agencies and financial institutions use Splunk to collect and process logs from all of their internal systems.<\/p>\n<p>This means that if a Splunk server is taken over, a hacker can:<\/p><\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div>Monitor internal security logs<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Steal tokens, API keys or credentials<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Hide traces of the attack from the monitoring system<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Extend the intrusion to other servers<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Disrupt SOC operations and cybersecurity monitoring<\/div>\n<\/li>\n<\/ul>\n<div>In many enterprise environments, Splunk is also connected directly to Active Directory, firewalls, cloud and endpoint systems, so the impact can spread across the entire infrastructure.<\/div>\n<div>Not just one vulnerability<\/div>\n<div>Besides CVE-2026-20253, Splunk also patched several other serious flaws in this update.<\/p>\n<p>One of them is CVE-2026-20251, with a CVSS score of 8.8, which affects the Splunk Secure Gateway app. 
This vulnerability allows a low-privileged user to perform unsafe deserialization of data through the jsonpickle library, leading to remote code execution.<\/p>\n<p>In addition, there are:<\/p><\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div>CVE-2026-20258: Stored XSS in HTML dashboards<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>CVE-2026-20252: SSRF in the PDF export feature of Dashboard Studio<\/div>\n<\/li>\n<\/ul>\n<div>These flaws can be combined into complex attack chains to penetrate deeper into the enterprise internal network.<\/div>\n<div>Which versions are affected?<\/div>\n<div>According to Splunk, the affected versions include:<\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div>Splunk Enterprise 9.3.x through 10.2.x<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Some versions of Splunk Cloud Platform<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Splunk Secure Gateway App 3.8, 3.9 and 3.10<\/div>\n<\/li>\n<\/ul>\n<div>Splunk has released patches for the following versions:<\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div>10.2.4<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>10.0.7<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>9.4.12<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>9.3.13<\/div>\n<\/li>\n<\/ul>\n<div>and the corresponding updates for Splunk Cloud Platform and the Secure Gateway App.<\/div>\n<div>Has it been exploited in the wild 
yet?<\/div>\n<div>Splunk currently says it has not detected signs of exploitation in the wild. However, researchers warn that the risk of exploitation will rise sharply because PoC code and technical analyses have begun to appear publicly.<\/p>\n<p>In the cybersecurity community, \u201cno authentication required\u201d vulnerabilities on enterprise platforms are often weaponized very quickly, especially for popular systems such as Splunk.<\/p><\/div>\n<div>What do experts recommend?<\/div>\n<div>Security experts recommend that administrators update Splunk urgently, especially for systems reachable over the network or the Internet.<\/p>\n<p>In addition to patching, organizations should:<\/p><\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div>Check whether Splunk is exposed to the public Internet<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Restrict access to the administration interface<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Disable or remove Splunk Secure Gateway if it is not yet needed<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Segment the network for SIEM\/SOC systems<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Monitor logs for unusual file writes on Splunk servers<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Review the accounts and tokens 
stored in the system<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Check for signs of unauthorized command execution<\/div>\n<\/li>\n<\/ul>\n<div>For CVE-2026-20253, Splunk confirms that there is currently no complete mitigation other than applying the patch. The incident again shows that enterprise monitoring and security platforms are becoming priority targets for attackers. Where hackers once mainly targeted workstations or user email, SIEM, log management and infrastructure monitoring systems such as Splunk are now gradually becoming the \u201ccentral gateway\u201d for taking over the entire enterprise network.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Splunk, the data analytics and system monitoring platform, has just released a patch for an extremely severe security vulnerability in Splunk Enterprise that could allow attackers to execute code remotely without authentication. 
Experts warn that this is a class of [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":48043,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-48042","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/48042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=48042"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/48042\/revisions"}],"predecessor-version":[{"id":48044,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/48042\/revisions\/48044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/48043"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=48042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=48042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=48042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}