PT-2024-1283 · Splunk · Splunk Enterprise
Danylo Dmytriiev +1 · Published 2024-01-18 · Updated 2024-04-10
CVE-2024-23678
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3
Description
The issue is related to the incorrect sanitization of path input data, resulting in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This can potentially impact the integrity, availability, and confidentiality of protected information.
Recommendations
For versions below 9.0.8, update to version 9.0.8 or later.
For versions below 9.1.3, update to version 9.1.3 or later.
As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.
Fix
Deserialization of Untrusted Data
RCE
Related Identifiers
Affected Products
Splunk Enterprise