Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities

Splunk on Monday announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems.

The most severe of the flaws is CVE-2024-45733 (CVSS score of 8.8), an insecure session storage configuration issue that could allow a user without ‘admin’ or ‘power’ Splunk roles to execute code remotely.

According to Splunk, only instances running on Windows machines are affected by this vulnerability. Instances that do not run Splunk Web are not impacted either.

Splunk Enterprise versions 9.2.3 and 9.1.6 resolve this vulnerability, along with CVE-2024-45731 (CVSS score of 8.0), an arbitrary file write defect leading to remote code execution. Splunk Enterprise version 9.3.1 also includes patches for this bug.

The issue allows a user without the ‘admin’ or ‘power’ Splunk roles to “write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. The user could potentially write a malicious DLL which, if loaded, could result in a remote execution of the code within that DLL,” Splunk says.

Splunk Enterprise for Windows instances that are not installed on a separate disk are not affected by this bug.

On Monday, Splunk also announced fixes for CVE-2024-45732, a high-severity information disclosure flaw in Splunk Enterprise and Splunk Cloud Platform that could allow a low-privileged user to run a search as the ‘nobody’ Splunk role and access potentially restricted data.

Patches were included in Splunk Enterprise versions 9.3.1 and 9.2.3, and in Splunk Cloud Platform versions 9.2.2403.103, 9.1.2312.110, 9.1.2312.200, and 9.1.2308.208.
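As an added illustration (not code from Splunk or from the original article), the fixed versions and exposure conditions described above can be encoded as a small triage helper for an inventory of Splunk Enterprise instances. The `Instance` record, its field names and the sample hosts are assumptions constructed for this example; release lines the article does not list are reported as "check advisory" rather than guessed.

```python
from dataclasses import dataclass

# Fixed Splunk Enterprise releases per release line, as listed in the article.
FIXED = {
    "CVE-2024-45733": {(9, 2): (9, 2, 3), (9, 1): (9, 1, 6)},
    "CVE-2024-45731": {(9, 3): (9, 3, 1), (9, 2): (9, 2, 3), (9, 1): (9, 1, 6)},
    "CVE-2024-45732": {(9, 3): (9, 3, 1), (9, 2): (9, 2, 3)},
}

@dataclass
class Instance:            # hypothetical inventory record, not a Splunk API
    host: str
    version: str
    windows: bool
    splunk_web: bool       # Splunk Web enabled on this instance
    separate_drive: bool   # installed on a drive other than the system drive

def parse_version(text):
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def preconditions_met(cve, inst):
    if cve == "CVE-2024-45733":   # Windows only, and Splunk Web must be running
        return inst.windows and inst.splunk_web
    if cve == "CVE-2024-45731":   # Windows only, installed on a separate drive
        return inst.windows and inst.separate_drive
    return True                   # CVE-2024-45732: no platform condition in the article

def triage(inst):
    ver = parse_version(inst.version)
    out = {}
    for cve, lines in FIXED.items():
        fixed = lines.get(ver[:2])
        if not preconditions_met(cve, inst):
            out[cve] = "not exposed"
        elif fixed is None:       # release line not mentioned in the article
            out[cve] = "check advisory"
        elif ver < fixed:
            out[cve] = "upgrade to " + ".".join(map(str, fixed))
        else:
            out[cve] = "patched"
    return out

if __name__ == "__main__":
    inventory = [             # constructed sample data
        Instance("idx-win-01", "9.2.2", True, True, True),
        Instance("sh-lnx-01", "9.3.0", False, True, False),
    ]
    for inst in inventory:
        print(inst.host, triage(inst))
```
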

The latest Splunk Enterprise releases also fix dozens of vulnerabilities in third-party packages used in the product, Splunk announced.

Patches were also announced for eight medium-severity flaws in Splunk Enterprise that could lead to the execution of JavaScript code, the exposure of plaintext passwords and other configuration settings, unauthorized modifications to settings, Splunk daemon crashes, and the exposure of public/private keys and other data.

Splunk has released detections for most of these vulnerabilities. Additional information can be found on the company’s security advisories page.
