Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows
CVE-2024-45733

8.8HIGH

Key Information:

Vendor

Splunk
Status
Splunk Enterprise
Vendor
CVE Published:
14 October 2024

What is CVE-2024-45733?

A security flaw present in Splunk Enterprise for Windows allows low-privileged users, lacking 'admin' or 'power' roles, to exploit an insecure session storage configuration. This vulnerability permits these users to execute arbitrary code remotely, raising significant security concerns for systems operating on affected versions. Organizations using Splunk Enterprise versions below 9.2.3 and 9.1.6 should prioritize applying necessary patches and access controls to mitigate this risk.

Affected Version(s)

Splunk Enterprise 9.2 < 9.2.3

Splunk Enterprise 9.1 < 9.1.6

References

https://advisory.splunk.com/advisories/SVD-2024-1003
https://research.splunk.com/application/c97e0704-d9c6-454...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Alex Hordijk
.