Splunk has recently addressed multiple vulnerabilities in its Splunk Enterprise software, with a notable focus on a high-severity flaw affecting the Windows version (CVE-2024-23678, CVSS score 7.5). The identified vulnerability impacts Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, involving inadequate sanitization of path input data. This flaw can lead to the unsafe deserialization of untrusted data from a separate disk partition on the affected machine, potentially enabling the execution of malicious code. To mitigate these risks, users are strongly advised to upgrade to Splunk Enterprise versions 9.0.8, 9.1.3, or higher. Notably, the vulnerability does not affect the Splunk Cloud Platform.
The high-severity flaw was discovered by security researcher Danylo Dmytriiev (DDV_UA). The specific nature of the vulnerability lies in the improper handling of path input data by Splunk Enterprise for Windows. This lapse could result in the unsafe deserialization of untrusted data from an external disk partition, creating a potential avenue for the execution of malicious code on the system. To address this, Splunk recommends that users upgrade to the specified versions, emphasizing that the vulnerability is exclusive to the Windows version and does not impact the Splunk Cloud Platform. The company did not disclose any information regarding known instances of exploitation of this vulnerability in the wild.
In light of the potential risks associated with the identified vulnerability, Splunk users on Windows are strongly encouraged to implement the necessary updates promptly. The prompt installation of versions 9.0.8, 9.1.3, or later will help safeguard systems from potential security threats associated with the high-severity flaw. Splunk continues to prioritize the security of its software and encourages users to stay vigilant and proactive in maintaining the integrity and safety of their Splunk Enterprise installations.