PT-2024-7380 · Splunk · Splunk Enterprise
Alex Hordijk
+1
·
Published
2024-10-14
·
Updated
2024-10-19
·
CVE-2024-45731
CVSS v3.1
8.0
High
| Vector | AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise for Windows versions prior to 9.3.1
Splunk Enterprise for Windows versions prior to 9.2.3
Splunk Enterprise for Windows versions prior to 9.1.6
Description:
The issue is related to incorrect restriction of the directory path name with limited access. A low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. This could potentially lead to arbitrary file writing and remote code execution.
Recommendations:
For versions prior to 9.3.1, update to version 9.3.1 or later.
For versions prior to 9.2.3, update to version 9.2.3 or later.
For versions prior to 9.1.6, update to version 9.1.6 or later.
Fix
Path traversal
Relative Path Traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Splunk Enterprise