Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
2024-07-18 14:51

A recently fixed vulnerability affecting Splunk Enterprise on Windows "is more severe than it initially appeared," according to SonicWall's threat researchers.

Splunk Enterprise is a data analytics and monitoring platform that allows organizations to collect and analyze machine-generated data from a variety of sources, such as network and security devices and servers.

The vulnerability can be exploited with a specially crafted GET request, and allows an attacker to perform a directory listing on the Splunk endpoint.

CVE-2024-36991 affects Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, but only on Windows, and only if the Splunk Web component is turned on.

"Although Splunk is famous mainly for dev environments, up to 230k exposed servers are running Splunk according to Fofa," the threat researchers noted, and advised admins to implement the patch immediately.

Disabling Splunk Web also removes the risk of exploitation, though upgrading to a fixed version is preferred.
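
An added triage sketch (not code from the article or from Splunk) that applies the three conditions above to a host inventory: Windows, a version below the fix for its own release branch, and Splunk Web enabled. The inventory rows and status labels are constructed, and marking branches older than 9.0 as "review" is an assumption, since the article names only the 9.0, 9.1 and 9.2 fixes.

```python
import re

# Fixed release for each maintenance branch, as listed in the article.
FIXED = {(9, 2): (9, 2, 2), (9, 1): (9, 1, 5), (9, 0): (9, 0, 10)}


def parse_version(text):
    """Turn '9.0.10' into (9, 0, 10) so comparison is numeric, not lexical."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def triage(os_name, version, splunk_web_enabled):
    """Return 'not-affected', 'patched', 'mitigated', 'vulnerable' or 'review'."""
    if os_name.strip().lower() != "windows":
        return "not-affected"  # the article limits the flaw to Windows
    ver = parse_version(version)
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        # Newer branches are not below any listed fix. Older branches are
        # not named in the article (assumption: flag them for manual review).
        return "patched" if ver[:2] > max(FIXED) else "review"
    if ver >= fixed:
        # Compare against the fix for this branch only: 9.1.5 is patched
        # even though it sorts below 9.2.2.
        return "patched"
    # Below the fix for its branch: exposure depends on Splunk Web.
    return "vulnerable" if splunk_web_enabled else "mitigated"


# Constructed inventory rows: (host, OS, version, Splunk Web enabled).
INVENTORY = [
    ("idx-01", "Windows", "9.0.9", True),
    ("idx-02", "Windows", "9.0.10", True),
    ("sh-01", "Windows", "9.1.5", True),
    ("sh-02", "Windows", "9.2.1", False),
    ("hf-01", "Linux", "9.1.2", True),
    ("old-01", "Windows", "8.2.12", True),
]


def report(inventory=INVENTORY):
    return {host: triage(os_name, ver, web) for host, os_name, ver, web in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts reported as "mitigated" are still running an unfixed build and become exposed again if Splunk Web is re-enabled.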


News URL

https://www.helpnetsecurity.com/2024/07/18/cve-2024-36991-poc/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2024-07-01 | CVE-2024-36991 | Path Traversal vulnerability in Splunk | 7.5

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows.
network, low complexity, splunk, CWE-22

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Splunk 14 18 115 60 12 205