Man
The vulnerabilities affect several of the company's popular products at once.
Splunk, a leader in data analytics and monitoring, has disclosed 12 recent vulnerabilities in its Splunk Enterprise for Windows product that allow attackers to remotely execute code (RCE).
On October 14, 2024, the company published a series of security notices describing the identified issues. All of them have been classified as highly hazardous because they can seriously compromise the integrity and protection of vulnerable systems.
Vulnerabilities identified in Splunk Enterprise include:
- SVD-2024-1012 - Vulnerabilities in third-party packages.
- CVE-2024-45731 - Ability to execute arbitrary commands by writing files to the root directory of the Windows system if Splunk is installed on a separate disk.
- CVE-2024-45732 - A low-privileged user can run searches in the SplunkDeploymentServerConfig application.
- CVE-2024-45733 - Remote Code Execution (RCE) due to an incorrect configuration of session storage in Splunk Enterprise on Windows.
- CVE-2024-45734 - Viewing images on the host machine via PDF export to Splunk Classic Dashboard by low-privileged users.
- CVE-2024-45735 - Insufficient access control for low-privileged users in the Splunk Secure Gateway application.
- CVE-2024-45736 - Splunk Daemon crash due to incorrectly formatted "INGEST_EVAL" parameter.
- CVE-2024-45737 - Change in the state of the App Key Value Store servicing mode via a cross-site request forgery (CSRF) attack.
- CVE-2024-45738 - Confidential information leaked through logs in the REST_Calls logging channel.
- CVE-2024-45739 - Disclosure of confidential information via logs in the AdminManager logging channel.
- CVE-2024-45740 - Cross-site scripting (XSS) via scheduled views in Splunk Enterprise.
- CVE-2024-45741 - Cross-site scripting (XSS) in the props.conf configuration file in Splunk Enterprise.
All of the above vulnerabilities open up the possibility for attackers to gain unauthorized access, execute arbitrary commands or disrupt services, which can lead to data leaks or system failures.
Splunk strongly recommends that customers patch their installations immediately to address the identified vulnerabilities. To do this, update to version 9.3.0, 9.2.3, or 9.1.6, depending on the version of Splunk Enterprise you are using.
In addition to Splunk Enterprise, some vulnerabilities also affect the company's other products, including Splunk Cloud Platform (CVE-2024-45732, CVE-2024-45736, CVE-2024-45737, CVE-2024-45740, CVE-2024-45741) and Splunk Secure Gateway (CVE-2024-45735). It is recommended to check the current safe versions of these products separately.
Besides installing updates, companies using Splunk products should review their security settings to minimize the risk of these vulnerabilities being exploited. We also recommend that you contact Splunk Support for more information or with questions.