Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities

Splunk has released patches for multiple vulnerabilities in Splunk Enterprise, including two high-severity remote code execution flaws.

Splunk on Monday announced fixes for 11 vulnerabilities in Splunk Enterprise, two of which are high-severity bugs leading to remote code execution on Windows systems.

The most severe of the flaws is CVE-2024-45733 (CVSS score of 8.8), an insecure session storage configuration issue that could allow a user without ‘admin’ or ‘power’ Splunk roles to execute code remotely.

According to Splunk, only instances running on Windows machines are affected by this vulnerability. Instances that do not run Splunk Web are not impacted either.

Splunk Enterprise versions 9.2.3 and 9.1.6 resolve this vulnerability, along with CVE-2024-45731 (CVSS score of 8.0), an arbitrary file write defect leading to remote code execution. Splunk Enterprise version 9.3.1 also includes patches for this bug.

The issue allows a user without the ‘admin’ or ‘power’ Splunk roles to “write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. The user could potentially write a malicious DLL which, if loaded, could result in a remote execution of the code within that DLL,” Splunk says.

Splunk Enterprise for Windows instances that are not installed on a separate disk are not affected by this bug.

On Monday, Splunk also announced fixes for CVE-2024-45732, a high-severity information disclosure flaw in Splunk Enterprise and Splunk Cloud Platform that could allow a low-privileged user to run a search as the ‘nobody’ Splunk role and access potentially restricted data.

Patches were included in Splunk Enterprise versions 9.3.1 and 9.2.3, and in Splunk Cloud Platform versions 9.2.2403.103, 9.1.2312.110, 9.1.2312.200, and 9.1.2308.208.

The latest Splunk Enterprise releases also fix dozens of vulnerabilities in third-party packages used in the product, Splunk announced.

Patches were also announced for eight medium-severity flaws in Splunk Enterprise that could lead to the execution of JavaScript code, the exposure of plaintext passwords and other configuration settings, unauthorized modifications to settings, Splunk daemon crashes, and the exposure of public/private keys and other data.

Splunk has released detections for most of these vulnerabilities. Additional information can be found on the company’s security advisories page.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
