CVE-2024-36985

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Splunk / Splunk Enterprise9.2 – 9.2.2
Splunk / Splunk Enterprise9.1 – 9.1.5
Splunk / Splunk Enterprise9.0 – 9.0.10

References

VENDOR_ADVISORYhttps://advisory.splunk.com/advisories/SVD-2024-0705
MISChttps://research.splunk.com/application/8598f9de-bba8-42a4-8ef0-12e1adda4131