Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)

A recently fixed vulnerability affecting Splunk Enterprise on Windows "is more severe than it initially appeared," according to SonicWall's threat researchers.
Splunk Enterprise is a data analytics and monitoring platform that allows organizations to collect and analyze machine-generated data from a variety of sources, such as network and security devices and servers.
The vulnerability can be exploited with a specially crafted GET request, and allows an attacker to perform a directory listing on the Splunk endpoint.
CVE-2024-36991 affects Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, but only on Windows, and only if the Splunk Web component is turned on.
"Although Splunk is famous mainly for dev environments, up to 230k exposed servers are running Splunk according to Fofa," the threat researchers noted, and advised admins to implement the patch immediately.
Disabling Splunk Web also removes the risk of exploitation, though upgrading to a fixed version is preferred.
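The affected range is per maintenance branch, so a plain "greater than" comparison misjudges hosts (9.1.4 is above 9.0.10 yet still unpatched). The following is an added triage sketch, not code from the article or from Splunk; the inventory records, field names and status labels are constructed, and the handling of branches older than 9.0 or newer than 9.2 is an assumption.

```python
# Added example: branch-aware exposure triage for CVE-2024-36991.
import re

# First fixed release per maintenance branch, as stated in the article.
FIXED = {(9, 0): (9, 0, 10), (9, 1): (9, 1, 5), (9, 2): (9, 2, 2)}


def parse_version(text):
    """Turn '9.1.4' into (9, 1, 4); reject anything that is not dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+){2,3}", text.strip()):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in text.strip().split("."))


def triage(host):
    """Return (status, reason) for one inventory record (a dict)."""
    if host["os"].lower() != "windows":
        return "not_affected", "only Windows installs are affected"
    version = parse_version(host["version"])
    if version[:2] in FIXED:
        fixed = FIXED[version[:2]]
    elif version < (9, 0, 10):
        # Assumption: branches older than 9.0 count as "below 9.0.10".
        fixed = (9, 0, 10)
    else:
        # Assumption: branches newer than 9.2 already contain the fix.
        return "not_affected", "release is newer than the fixed versions"
    if version >= fixed:
        return "not_affected", "running a fixed release"
    target = ".".join(map(str, fixed))
    if not host["splunk_web"]:
        return "patch_pending", f"Splunk Web is off; still upgrade to {target}"
    return "vulnerable", f"upgrade to {target} or disable Splunk Web"


# Constructed inventory records for illustration.
INVENTORY = [
    {"name": "idx-01", "os": "Windows", "version": "9.1.4", "splunk_web": True},
    {"name": "idx-02", "os": "Windows", "version": "9.1.5", "splunk_web": True},
    {"name": "sh-01", "os": "Windows", "version": "9.0.9", "splunk_web": False},
    {"name": "sh-02", "os": "Linux", "version": "9.2.1", "splunk_web": True},
    {"name": "hf-01", "os": "Windows", "version": "9.2.1", "splunk_web": True},
]

if __name__ == "__main__":
    for host in INVENTORY:
        print(host["name"], *triage(host))
```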
News URL
https://www.helpnetsecurity.com/2024/07/18/cve-2024-36991-poc/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-01 | CVE-2024-36991 | Path Traversal vulnerability in Splunk. In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. | 7.5 |