Lucene search

SplunkVULNRICHMENT:CVE-2024-36984

HistoryJul 01, 2024 - 4:30 p.m.

CVE-2024-36984 Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows

2024-07-0116:30:44

Splunk

github.com

cve-2024-36984

remote code execution

splunk enterprise

windows

serialized session payload

authenticated user

specially crafted query

untrusted data

arbitrary code

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

JSON

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.

CNA Affected

[
  {
    "vendor": "Splunk",
    "product": "Splunk Enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "9.2",
        "lessThan": "9.2.2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "9.1",
        "lessThan": "9.1.5",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "9.0",
        "lessThan": "9.0.10",
        "versionType": "custom"
      }
    ]
  }
]

References

advisory.splunk.com/advisories/SVD-2024-0704

research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

JSON

Related for VULNRICHMENT:CVE-2024-36984