CVE-2024-36985

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-0705
https://research.splunk.com/application/8598f9de-bba8-42a4-8ef0-12e1adda4131

Configurations

No configuration.

History

08 Jul 2024, 14:18

Type	Values Removed	Values Added
CWE		CWE-253

02 Jul 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podría provocar una ejecución remota de código a través de una búsqueda externa que haga referencia a la aplicación "splunk_archiver". .

01 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 17:15

Updated : 2024-07-08 14:18

NVD link : CVE-2024-36985

Mitre link : CVE-2024-36985

CVE.ORG link : CVE-2024-36985

JSON object : View

Products Affected

No product.

CWE

CWE-687

Function Call With Incorrectly Specified Argument Value

CWE-253

Incorrect Check of Function Return Value

8.8 /10