Splunk: Authenticated Exec via Legacy Internal Function (pre 9.2.2)
CVE-2024-36983 Published on July 1, 2024
Command Injection using External Lookups
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform instance.
Weakness Type
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2024-36983 has been classified as a Command Injection vulnerability or weakness.
Products Associated with CVE-2024-36983
Affected Versions
Splunk Enterprise:
- Version 9.2 and below 9.2.2 is affected.
- Version 9.1 and below 9.1.5 is affected.
- Version 9.0 and below 9.0.10 is affected.
Splunk Cloud Platform:
- Version 9.1.2312 and below 9.1.2312.109 is affected.
- Version 9.1.2308 and below 9.1.2308.207 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.