CVE-2024-36983Command Injection in Cloud Platform

CWE-77Command InjectionCWE-75Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)3 documents3 sources
Severity
8.8HIGHNVD
CNA8.0
EPSS
2.2%
top 15.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Cloud PlatformSplunk EnterpriseSplunk
Timeline
PublishedJul 1

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5splunk/splunk_cloud_platform9.1.23129.1.2312.109+1
NVDsplunk/splunk_cloud_platform9.1.23089.1.2308.207+1
CVEListV5splunk/splunk_enterprise9.29.2.2+2
NVDsplunk/splunk9.0.09.0.10+2

🔴Vulnerability Details

2
CVEList
Command Injection using External Lookups2024-07-01
GHSA
GHSA-62xc-vffq-mcgg: In Splunk Enterprise versions below 92024-07-01
CVE-2024-36983 — Command Injection in Splunk | cvebase