CVE-2024-36983

Summary

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.2 < 9.2.2affected
SplunkSplunk Enterprise9.1 < 9.1.5affected
SplunkSplunk Enterprise9.0 < 9.0.10affected
SplunkSplunk Cloud Platform9.1.2312 < 9.1.2312.109affected
SplunkSplunk Cloud Platform9.1.2308 < 9.1.2308.207affected

Weaknesses

  • CWE-77: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References