CVE-2024-53247

Summary

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE).

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.3 < 9.3.2affected
SplunkSplunk Enterprise9.2 < 9.2.4affected
SplunkSplunk Enterprise9.1 < 9.1.7affected
SplunkSplunk Secure Gateway3.7 < 3.7.13affected
SplunkSplunk Secure Gateway3.4 < 3.4.261affected

Weaknesses

  • CWE-502: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References