CVE-2024-45736

Summary

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a Field Transformation which could crash the Splunk daemon (splunkd).

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.3 < 9.3.1affected
SplunkSplunk Enterprise9.2 < 9.2.3affected
SplunkSplunk Enterprise9.1 < 9.1.6affected
SplunkSplunk Cloud Platform9.2.2403 < 9.2.2403.107affected
SplunkSplunk Cloud Platform9.1.2312 < 9.1.2312.204affected
SplunkSplunk Cloud Platform9.1.2312 < 9.1.2312.111affected

Weaknesses

  • CWE-400: The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References