Splunk Enterprise Windows (before 9.3.1) Low-Priv Write to System32
CVE-2024-45731 Published on October 14, 2024
Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
Weakness Type
Relative Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
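A containment check for this weakness class under Windows path rules, as an added example; it is not Splunk's code and does not reproduce the vulnerable code path. The base directory `D:\App\uploads`, the function names and the sample inputs are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, importable on any OS

# Hypothetical application directory on a non-system drive (assumption).
BASE_DIR = r"D:\App\uploads"


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the normalized target path, or raise ValueError if it would
    land outside base_dir."""
    base = ntpath.normpath(base_dir)
    drive, tail = ntpath.splitdrive(user_path)
    # Reject drive-qualified ("C:x", "C:\x"), UNC and rooted ("\x") input:
    # ntpath.join() would let any of these replace the base directory.
    if drive or tail.startswith(("\\", "/")):
        raise ValueError(f"absolute or drive-qualified path: {user_path!r}")
    # Collapse "." and ".." (and "/" separators) before comparing.
    candidate = ntpath.normpath(ntpath.join(base, user_path))
    # Compare whole path components, case-insensitively; a plain
    # startswith() would accept the sibling "D:\App\uploads2".
    if ntpath.commonpath([base, candidate]).lower() != base.lower():
        raise ValueError(f"path escapes {base!r}: {user_path!r}")
    return candidate


def classify(samples):
    """Map each sample to its resolved path, or None when rejected."""
    results = {}
    for s in samples:
        try:
            results[s] = resolve_inside(BASE_DIR, s)
        except ValueError:
            results[s] = None
    return results


# Constructed inputs, not taken from any real request or log.
SAMPLES = [
    r"reports\q3.csv",
    r"reports\..\q3.csv",
    r"..\..\..\Windows\System32\x.dll",
    "../uploads2/x.txt",
    r"C:\Windows\System32\x.dll",
    r"C:x.dll",
    r"\Windows\System32\x.dll",
    r"\\host\share\x.dll",
]

if __name__ == "__main__":
    for path, resolved in classify(SAMPLES).items():
        print(f"{path!r:45} -> {resolved or 'REJECTED'}")
```

The check is purely lexical: it does not resolve symbolic links or junctions, so code that writes to the returned path should also verify the resolved location on the real file system.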
Products Associated with CVE-2024-45731
Affected Versions
Splunk Enterprise:
- Version 9.3 and below 9.3.1 is affected.
- Version 9.2 and below 9.2.3 is affected.
- Version 9.1 and below 9.1.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.