CVE-2024-36983

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-0703
https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-01 17:15

Updated : 2024-07-08 14:18

NVD link : CVE-2024-36983

Mitre link : CVE-2024-36983

CVE.ORG link : CVE-2024-36983

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-75

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

8.0 /10