CVE-2024-36991: Splunk Enterprise on Windows Arbitrary File Read Vulnerability

About the Vulnerability

Introduction

Splunk Enterprise enables users to collect, analyze, and act upon the technology infrastructure, as well as visualize the untapped value of the big data generated by the security systems and business applications.

Summary

On July 9, 2024, Sangfor FarSight Labs received notification of the arbitrary file read vulnerability (CVE-2024-36991) in Splunk Enterprise on Windows, classified as high (CVSS Score 7.5) by NVD.

Attackers can exploit this vulnerability to access files and directories stored outside the web root folder.

Affected Versions

9.2 ≤ Splunk Enterprise < 9.2.2

9.1 ≤ Splunk Enterprise < 9.1.5

9.0 ≤ Splunk Enterprise < 9.0.10

Solutions

Remediation Solutions

Official Solution

Affected users are strongly advised to update the version to fix the vulnerability.

Download link: https://www.splunk.com/zh_cn/download.html

Timeline

On July 9, 2024, Sangfor FarSight Labs received notification of the Splunk Enterprise on Windows arbitrary file read vulnerability (CVE-2024-36991).

On July 9, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa

https://cxsecurity.com/cveshow/CVE-2024-36991/

https://advisory.splunk.com/advisories/SVD-2024-0711