Splunk fixed high-severity flaw impacting Windows versions

Pierluigi Paganini January 24, 2024

Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw impacting Windows installs.

Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw, tracked as CVE-2024-23678 (CVSS score 7.5), impacting the Windows version.

According to the advisory, Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3 does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine.

Deserialization of untrusted data can allow malicious code to be executed on the system. This is because the serialized data can contain instructions that the application will execute when it deserializes the data. For example, if an application deserializes a malicious JSON object, the object could contain JavaScript code that would be executed when the application parses the JSON object.

This vulnerability only affects Splunk Enterprise for Windows.

Customers are recommended to upgrade versions 9.0.8, 9.1.3, or higher. The vendor pointed out that the vulnerability does not affect the Cloud Platform.

The issue was discovered by Danylo Dmytriiev (DDV_UA).

The company did not reveal if it is aware of attacks in the wild exploiting this vulnerability.

Below are other vulnerabilities addressed by the company:

SVD-2024-01072024-01-22Server Response Disclosure in RapidDiag Salesforce.com Log FileMediumCVE-2024-23677
SVD-2024-01062024-01-22Sensitive Information Disclosure of Index Metrics through “mrollup” SPL CommandMediumCVE-2024-23676
SVD-2024-01052024-01-22Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection DeletionMediumCVE-2024-23675

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2024-23678)

you might also like

leave a comment