- 27/2024
- High
Splunk has released security updates to fix several vulnerabilities across multiple Splunk products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform denial of service attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Splunk Enterprise Code Execution Vulnerability (CVE-2024-23678):
- CVSS: 7.5
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Access
2. Splunk Enterprise Denial of Service Vulnerability (CVE-2024-22165):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Affected products:
- Splunk Enterprise 9.0.0 to 9.0.7.
- Splunk Enterprise 9.1.0 to 9.1.2.
- Splunk Cloud Versions Below 9.0.2208, 9.1.2308.200, 9.1.2312.100.
- Splunk Enterprise Security (ES) Versions Below 7.1.2.
Vulnerabilities
- CVE-2024-22164
- CVE-2024-22165
- CVE-2024-23675
- CVE-2024-23676
- CVE-2024-23677
- CVE-2024-23678
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.