PoC Exploit Released For Splunk Enterprise Local File Inclusion Vulnerability

A proof-of-thought (PoC) exploit has been launched for a serious local file inclusion vulnerability in Splunk Endeavor, identified as CVE-2024-36991.

This vulnerability impacts Splunk Endeavor variations under 9.2.2, 9.1.5, and 9.0.10, particularly on House windows programs.

The vulnerability arises from a flaw within the Python os.path.join just improperly handles route tokens by placing off the pressure letter if it matches the pressure within the built route.

This flaw enables an attacker to acquire a route traversal assault on the endpoint, doubtlessly enabling unauthorized obtain right of entry to to soft information on the machine. The difficulty is confined to conditions of Splunk Endeavor running on House windows with Splunk Net-enabled.

Exploit Information

The PoC exploit for CVE-2024-36991, developed by security researcher Danylo Dmytriiev, demonstrates how an attacker can leverage this vulnerability to learn the passwd file on a Splunk Endeavor server.

The exploit script requires Python 3.6 or bigger, and the requests library. It might possibly possibly presumably well aim a single URL or scan extra than one targets listed in a file.

Usage Instructions:

• Single Purpose:

  python CVE-2024-36991.py -u https://target:9090

• Bulk Scan:

  python CVE-2024-36991.py -f targets.txt

Mitigation and Suggestions

To guard against this vulnerability, it’s urged to enhance Splunk Endeavor to variations 9.2.2, 9.1.5, or 9.0.10 or bigger. As an extra precaution, administrators can disable Splunk Net if it’s no longer required. Instructions for disabling Splunk Net will even be verbalize within the web.conf configuration specification file.

The vulnerability has been rated with excessive severity, carrying a CVSSv3 obtain of seven.5. It poses a wide disaster, allowing some distance off, unauthenticated attackers to learn soft info from arbitrary information on the affected programs.

Given the opportunity of information disclosure, administrators must apply the urged updates and mitigations promptly.

Organizations using Splunk Endeavor on House windows need to restful prioritize upgrading to the most up-to-date variations and occupy in mind disabling pointless substances to mitigate the disaster of exploitation.