High-Severity Vulnerability Patched in Splunk Enterprise

January 23, 2024 at 09:12AM

Splunk announced patches for multiple vulnerabilities, including a high-severity bug (CVE-2024-23678) affecting Splunk Enterprise on Windows, allowing unsafe deserialization leading to potential denial of service, application logic abuse, or code execution. Other medium-severity vulnerabilities and flaws in third-party packages were also resolved in versions 9.0.8 and 9.1.3. Splunk recommends upgrading to these versions.

The key takeaways are:

1. Splunk announced patches for multiple vulnerabilities in Splunk Enterprise, including a high-severity bug affecting Windows instances (CVE-2024-23678).
2. The high-severity flaw (CVE-2024-23678) is related to incorrect sanitization of path input data leading to unsafe deserialization of untrusted data, potentially resulting in denial of service, abuse of application logic, or execution of arbitrary code.
3. CVE-2024-23678 only impacts Splunk Enterprise for Windows and was resolved in versions 9.0.8 and 9.1.3.
4. The patches also resolve several other medium-severity vulnerabilities and multiple flaws in third-party packages used within the data monitoring and analysis solution.
5. Splunk recommends that all customers upgrade their Splunk Enterprise installations to version 9.0.8, 9.1.3, or higher.
6. Splunk makes no mention of these security issues being exploited in malicious attacks.
7. Additional information on the resolved vulnerabilities can be found on Splunk’s security advisories page.
