Splunk Users Alerted: 12 New Security Threats

On October 14, 2024, Splunk, a leading data analytics and monitoring company, disclosed 12 new vulnerabilities in its Splunk Enterprise product for Windows, potentially enabling attackers to execute remote code. The company published a series of security advisories outlining the identified issues, all of which were deemed highly critical due to their potential to compromise the integrity and security of vulnerable systems.

Among the vulnerabilities found in Splunk Enterprise are:

  • SVD-2024-1012 – a vulnerability in third-party vendor packages.
  • CVE-2024-45731 – potential execution of arbitrary commands by writing files to the root Windows directory when Splunk is installed on a separate disk.
  • CVE-2024-45732 – low-privileged users able to run search queries in the SplunkDeploymentServerConfig application.
  • CVE-2024-45733 – remote code execution due to improper session configuration in Splunk Enterprise on Windows.
  • CVE-2024-45734 – potential viewing of images on a host machine through the PDF export function in Splunk Classic Dashboard by low-privileged users.
  • CVE-2024-45735 – inadequate access control for low-privileged users in the Splunk Secure Gateway application.
  • CVE-2024-45736 – crashing of Splunk Daemon due to