Summary
Splunk has released security updates to address vulnerabilities, including 4 with a “high” severity, in its popular Enterprise and Cloud Platform network traffic analysis products.
Note (updated 08/07/2024): A Proof of Concept (PoC) for exploiting CVE-2024-36991 is available online.
Risk
Vulnerability impact estimate on the reference community: HIGH/ORANGE (65.12/100)¹.
Type
- Remote Code Execution
- Arbitrary File Read
Affected Products and Versions
Splunk
- Enterprise 9.0.x, versions prior to 9.0.10
- Enterprise 9.1.x, versions prior to 9.1.5
- Enterprise 9.2.x, versions prior to 9.2.2
- Cloud Platform 9.1.2308.x, versions prior to 9.1.2308.207
- Cloud Platform 9.1.2312.x, from version 9.1.2312.100 to 9.1.2312.108
Mitigation Actions
In line with vendor statements, it is recommended to apply the available mitigations, following the guidance in the security bulletins listed in the References section.
Unique Vulnerability Identifiers – Updated 04/07/2024
The following are the CVEs for vulnerabilities with severity “high”:
References
https://advisory.splunk.com//advisories/SVD-2024-0704
https://advisory.splunk.com//advisories/SVD-2024-0705
https://advisory.splunk.com//advisories/SVD-2024-0703
https://advisory.splunk.com//advisories/SVD-2024-0711
https://advisory.splunk.com/?301=/en_us/product-security.html
¹ This estimate is carried out taking into account various parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.