Splunk Enterprise harbors multiple vulnerabilities, including Cross-site Scripting (XSS), Denial of Service (DoS), Remote Code Execution, Privilege Escalation, and Path Traversal, with severity ratings ranging from 6.3 (Medium) to 8.8 (High).
Addressing these concerns, Splunk has issued security advisories detailing patches for these vulnerabilities.
CVE-2023-40592: Reflected Cross-Site Scripting (XSS) This vulnerability permits attackers to execute arbitrary commands on the Splunk Platform via crafted web requests directed at the “/app/search/table” endpoint. It stems from inadequate input validation, warranting a CVSS score of 8.4 (High).
CVE-2023-40593: Denial Of Service (DoS) By sending malformed SAML requests to the “/saml/acs” REST endpoint, threat actors can trigger a Denial of Service (DoS) scenario. The vulnerability lies in the failure of the SAML XML parser to properly validate signatures for malformed URIs, scoring a CVSS of 6.3 (Medium).
CVE-2023-40594: Denial Of Service (DoS) The improper expression validation within the printf function, especially in conjunction with commands like “fieldformat,” allows attackers to orchestrate a DoS attack. This vulnerability rates at a CVSS of 6.5 (Medium).
CVE-2023-40595: Remote Code Execution Exploiting this flaw involves sending a specially crafted query capable of serializing untrusted data to execute arbitrary code on the Splunk Enterprise platform. The severity of this vulnerability warrants a CVSS score of 8.8 (High).
CVE-2023-40596: Splunk Enterprise On Windows Privilege Escalation Arising from an insecure path in the OPENSSLDIR build definition, this vulnerability facilitates privilege escalation by enabling the installation of malicious code through directory structure manipulation. Rated at a CVSS of 7.0 (High).
CVE-2023-40597: Absolute Path Traversal With write access to the drive on Splunk Enterprise instances, attackers can leverage the “runshellscript.py” script’s inadequate user validation to execute scripts on the root directory of another disk. This vulnerability permits absolute path traversal for arbitrary code execution, earning a CVSS score of 7.8 (High).