CVE-2024-36983

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-0703	Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2024-0703	Vendor Advisory
https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/	Tool Signature
https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/	Tool Signature

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

07 Mar 2025, 16:48

Type	Values Removed	Values Added
CPE		cpe:2.3:a:splunk:splunk_cloud_platform:::::::: cpe:2.3:a:splunk:splunk:::::enterprise:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE		CWE-77
First Time		Splunk Splunk splunk Cloud Platform Splunk splunk
References	~~() https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/ -~~	() https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/ - Tool Signature
References	~~() https://advisory.splunk.com/advisories/SVD-2024-0703 -~~	() https://advisory.splunk.com/advisories/SVD-2024-0703 - Vendor Advisory

01 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 17:15

Updated : 2025-03-07 17:13

NVD link : CVE-2024-36983

Mitre link : CVE-2024-36983

JSON object : View

Products Affected

splunk

splunk
splunk_cloud_platform

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0703", "name": "https://advisory.splunk.com/advisories/SVD-2024-0703", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://advisory.splunk.com/advisories/SVD-2024-0703", "name": "https://advisory.splunk.com/advisories/SVD-2024-0703", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", "name": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", "tags": ["Tool Signature"], "refsource": ""}, {"url": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", "name": "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", "tags": ["Tool Signature"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-77"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-36983", "ASSIGNER": "prodsec@splunk.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2024-07-01T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0.0"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.2.2", "versionStartIncluding": "9.2.0"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.1.2308.207", "versionStartIncluding": "9.1.2308"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.1.2312.109", "versionStartIncluding": "9.1.2312"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-07T17:13Z"}