Multiple Flaws in Splunk Enterprise Let Attackers Execute Arbitrary Code

by Esmeralda McKenzie
Multiple Flaws in Splunk Enterprise

Splunk is a software platform designed to search, analyze, and visualize machine-generated data from many sources, including websites, applications, sensors, and devices.

In 2024, Splunk was acquired by Cisco, which aims to leverage Splunk's capabilities to enhance digital resilience across its customer base.

Splunk has released security updates to address several critical vulnerabilities in Splunk Enterprise that could allow attackers to execute arbitrary code remotely.

The flaws, found by both internal and external security researchers, affect Splunk Enterprise versions 9.0.x, 9.1.x, and 9.2.x.

The company urges users to update their systems immediately to mitigate potential risks.

Among the most severe issues patched are:

  • CVE-2024-36984: This vulnerability allows an authenticated user to execute arbitrary code via serialized session payloads. The exploit involves using the collect SPL command to write a file within the Splunk Enterprise installation, which can then be used to submit a serialized payload, leading to code execution. This flaw affects Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows.
  • CVE-2024-36985: A low-privileged user can cause remote code execution via an external lookup that references the splunk_archiver application. The vulnerability stems from a script called copybuckets.py within the application, which references another script (erp_launcher.py) that executes a bash shell with user-supplied arguments, leading to potential RCE. This affects Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10.
  • CVE-2024-36991: Details about this particular CVE were not explicitly provided in the advisory, but it is among the critical vulnerabilities patched in the latest update.
  • CVE-2024-36983: This vulnerability involves command injection using external lookups. An authenticated user can create an external lookup that calls a deprecated internal function, allowing code injection and execution within the Splunk platform instance. This affects versions below 9.2.2, 9.1.5, and 9.0.10.
  • CVE-2024-36982: This flaw allows an attacker to trigger a null pointer dereference on the cluster/config REST endpoint, leading to a crash of the Splunk daemon. This affects versions below 9.2.2, 9.1.5, and 9.0.10.

Furthermore, several cross-site scripting (XSS) vulnerabilities have been addressed that could allow attackers to execute malicious JavaScript in users' browsers.

The latest updates from Splunk, which were rolled out on Monday, also target medium-severity vulnerabilities that affect both the Enterprise and Cloud Platform products.

Splunk strongly recommends that users upgrade to the latest patched versions:

  • 9.0.10 or later
  • 9.1.5 or later
  • 9.2.2 or later
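A small inventory check built from the three fixed releases above (added example, not Splunk's own tooling). It parses versions numerically so that 9.2.10 is correctly ranked above 9.2.2, flags only the 9.0.x, 9.1.x and 9.2.x lines the advisory covers, and reports anything outside those lines as not-listed rather than guessing. The sample version list is constructed.

```python
"""Flag Splunk Enterprise versions that are older than the fixed releases
named in the advisory: 9.0.10, 9.1.5 and 9.2.2 (added example, not Splunk code).
Assumes plain dotted version strings such as "9.1.3"; build suffixes are not handled."""
import re

# Fixed release per affected line, taken from the advisory.
FIXED_VERSIONS = {
    (9, 0): (9, 0, 10),
    (9, 1): (9, 1, 5),
    (9, 2): (9, 2, 2),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' into integers; a missing patch counts as 0.
    Raises ValueError for anything that is not a dotted numeric version."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"not a Splunk version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def is_vulnerable(text: str) -> bool:
    """True when the version is on an affected line (9.0.x, 9.1.x, 9.2.x) and
    older than that line's fixed release. Other lines return False because the
    advisory makes no statement about them."""
    v = parse_version(text)
    fixed = FIXED_VERSIONS.get(v[:2])
    return fixed is not None and v < fixed


def triage(versions: list[str]) -> dict[str, str]:
    """Classify each version as 'vulnerable', 'patched' or 'not-listed'."""
    result = {}
    for text in versions:
        v = parse_version(text)
        if v[:2] not in FIXED_VERSIONS:
            result[text] = "not-listed"
        else:
            result[text] = "vulnerable" if v < FIXED_VERSIONS[v[:2]] else "patched"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["9.0.9", "9.0.10", "9.1.4", "9.1.5", "9.2.1", "9.2.2", "9.2.10", "8.2.12"]
    for ver, status in triage(sample).items():
        print(f"{ver:>8}: {status}")
```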

The company noted that Splunk Cloud Platform instances are also being patched and monitored.

These vulnerabilities highlight the importance of promptly applying security updates, particularly for critical enterprise software like Splunk, which often processes sensitive data. Organizations running affected versions of Splunk Enterprise should prioritize upgrading to mitigate the risk of exploitation.

Source credit : cybersecuritynews.com