Splunk has released a series of critical security updates for its Enterprise platform. The updates address multiple vulnerabilities, several of them severe, that affect supported versions of Splunk Enterprise. Following its acquisition by Cisco in 2024, Splunk has been emphasizing digital resilience across its customer base. The vulnerabilities, reported by both internal and external security researchers, include flaws that could allow an attacker to execute arbitrary code remotely, which makes these updates essential for maintaining system integrity.
The vulnerabilities affect Splunk Enterprise versions 9.0.x, 9.1.x, and 9.2.x; among the most critical are CVE-2024-36984, CVE-2024-36985, and CVE-2024-36983. CVE-2024-36984 allows an authenticated user to execute arbitrary code through serialized session payloads by exploiting the collect SPL command. CVE-2024-36985 allows a low-privileged user to achieve remote code execution via an external lookup that references the splunk_archiver application. These flaws underscore the potential for a significant breach if they are not promptly addressed.
In response, Splunk has released updates to mitigate these risks, urging users to upgrade to version 9.0.10, 9.1.5, or 9.2.2, depending on their release branch. The company has noted that Splunk Cloud Platform instances are also being patched and monitored to ensure comprehensive protection across all deployments. The urgency of these updates is hard to overstate: the vulnerabilities include remote code execution and command injection flaws that an attacker could use to gain unauthorized access to and control over affected systems.
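Because the fix is a branch-specific upgrade, the first thing an administrator needs is an inventory check that maps each installed version to the fixed release for its branch. The script below is an added example written for this article, not code from Splunk or from the advisory; it assumes only the affected branches (9.0.x, 9.1.x, 9.2.x) and fixed versions (9.0.10, 9.1.5, 9.2.2) stated above, treats any other branch as not covered by this version list rather than guessing its status, and assumes that the output of the splunk version command contains the version as the first dotted triple (the sample inventory and build strings are constructed).

```python
import re

# Fixed versions from the advisory summary, keyed by (major, minor) release branch.
# Any branch not listed here is reported as "not-listed" rather than guessed.
FIXED_VERSIONS = {
    (9, 0): (9, 0, 10),
    (9, 1): (9, 1, 5),
    (9, 2): (9, 2, 2),
}

# First dotted triple anywhere in the string, so both a bare "9.1.3" and a line
# such as "Splunk 9.1.3 (build ...)" are accepted. A four-part build like
# "9.2.0.1" is compared on its first three components.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) parsed from a Splunk version string.

    Raises ValueError when no dotted version triple is present.
    """
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def assess(version_text):
    """Classify one installed version against the branch's fixed release.

    Returns a dict with keys:
      version        - the input string
      status         - "affected", "patched", or "not-listed"
      fixed_version  - the release to upgrade to for this branch, or None
    """
    installed = parse_version(version_text)
    branch = installed[:2]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return {"version": version_text, "status": "not-listed", "fixed_version": None}
    # Tuple comparison orders (9, 0, 9) before (9, 0, 10) correctly, unlike a
    # string comparison of "9.0.9" and "9.0.10".
    status = "affected" if installed < fixed else "patched"
    return {
        "version": version_text,
        "status": status,
        "fixed_version": ".".join(str(part) for part in fixed),
    }


def hosts_needing_upgrade(inventory):
    """Return host names whose installed version is below the fixed release.

    `inventory` is an iterable of (hostname, version_string) pairs, for example
    collected from each node's `splunk version` output.
    """
    return [host for host, version in inventory if assess(version)["status"] == "affected"]


# Constructed sample inventory; hostnames and build strings are not real.
SAMPLE_INVENTORY = [
    ("sh-01", "9.1.3"),
    ("idx-01", "9.2.2"),
    ("idx-02", "Splunk 9.0.9 (build constructed0000)"),
    ("hf-01", "9.2.0.1"),
    ("lab-01", "9.3.0"),
]

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY:
        result = assess(version)
        target = result["fixed_version"] or "n/a (branch not in this advisory's list)"
        print(f"{host:8} {version:40} {result['status']:10} upgrade to: {target}")
    print("needs upgrade:", hosts_needing_upgrade(SAMPLE_INVENTORY))
```

Run it against a real inventory by replacing SAMPLE_INVENTORY with (hostname, version) pairs gathered from each search head, indexer and forwarder; a "not-listed" result means the branch is outside the version list quoted here and should be checked against the full Splunk advisory, not assumed safe.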
Additionally, the updates address several cross-site scripting (XSS) vulnerabilities and a flaw involving a null pointer dereference on the cluster/config REST endpoint, which could crash the Splunk daemon. Organizations running affected versions of Splunk Enterprise are strongly advised to prioritize these updates to reduce the risk of exploitation. Applying the patches promptly safeguards sensitive data, preserves the overall security posture of the enterprise environment, and keeps Splunk deployments reliable and secure.