CVE-2024-36983

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-0703
https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/

Configurations

No configuration.

History

08 Jul 2024, 14:18

Type	Values Removed	Values Added
CWE		CWE-75

02 Jul 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109 y 9.1.2308.207, un usuario autenticado podría crear una búsqueda externa que llame a una función interna heredada. El usuario autenticado podría utilizar esta función interna para insertar código en el directorio de instalación de la plataforma Splunk. Desde allí, el usuario podría ejecutar código arbitrario en la instancia de la plataforma Splunk.

01 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 17:15

Updated : 2024-07-08 14:18

NVD link : CVE-2024-36983

Mitre link : CVE-2024-36983

CVE.ORG link : CVE-2024-36983

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-75

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

8.0 /10