CVE-2023-40597

Summary

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise8.2 < 8.2.12affected
SplunkSplunk Enterprise9.0 < 9.0.6affected
SplunkSplunk Enterprise9.1 < 9.1.1affected
SplunkSplunk Cloud- < 9.0.2305.200affected

Weaknesses

  • CWE-36: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References