CVE-2024-36983
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Splunk | Splunk Enterprise | 9.2 < 9.2.2 | affected |
| Splunk | Splunk Enterprise | 9.1 < 9.1.5 | affected |
| Splunk | Splunk Enterprise | 9.0 < 9.0.10 | affected |
| Splunk | Splunk Cloud Platform | 9.1.2312 < 9.1.2312.109 | affected |
| Splunk | Splunk Cloud Platform | 9.1.2308 < 9.1.2308.207 | affected |
Weaknesses
- CWE-77: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://advisory.splunk.com/advisories/SVD-2024-0703
- https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/
References
- https://advisory.splunk.com/advisories/SVD-2024-0703
- https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.