Splunk, the info evaluation and monitoring platform, is grappling with a Distant Code Execution (RCE) vulnerability.
This flaw, recognized as CVE-2024-53247, impacts a number of variations of Splunk Enterprise and the Splunk Safe Gateway app on the Splunk Cloud Platform.
The vulnerability is rated with a CVSSv3.1 rating of 8.8, indicating a excessive severity stage that poses a critical threat to organizations counting on these providers.
Vulnerability Particulars
The RCE vulnerability arises from the unsafe deserialization of untrusted knowledge, traced again to insecure utilization of the jsonpickle Python library.
This deserialization flaw permits a low-privileged person, who doesn’t possess “admin” or “energy” roles, to execute arbitrary code on the affected techniques.
Notably, this situation impacts Splunk Enterprise variations earlier than 9.3.2, 9.2.4, and 9.1.7, in addition to Splunk Safe Gateway variations beneath 3.2.461 and three.7.13.
Leveraging 2024 MITRE ATT&CK Outcomes for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Affected Merchandise and Variations
- Splunk Enterprise: Variations 9.3.1 and beneath, 9.2.3 and beneath, 9.1.0 to 9.1.6.
- Splunk Safe Gateway App: Variations beneath 3.7.13 and three.4.261.
To counter this vulnerability, Splunk has suggested customers to improve to the newest safe variations: 9.3.2, 9.2.4, and 9.1.7 for Splunk Enterprise, and three.7.13 or 3.4.261 for the Splunk Safe Gateway app.
Moreover, Splunk is proactively monitoring and patching situations on the Splunk Cloud Platform to mitigate potential dangers.
As a direct workaround, Splunk recommends disabling the Splunk Safe Gateway app, significantly if the functionalities of Splunk Cell, Spacebridge, and Mission Management should not in use.
Directors ought to handle app and add-on objects to make sure the system’s integrity and safety.
This vulnerability underscores the essential significance of maintaining enterprise software program up to date and securely configured, particularly when dealing with delicate knowledge.
Organizations utilizing Splunk should act promptly to use the mandatory updates and contemplate implementing further safety measures to stop exploitation.
Splunk’s swift response and transparency in addressing this situation are commendable, but this incident serves as a reminder of the fixed vigilance wanted in cybersecurity.
Examine Actual-World Malicious Hyperlinks,Malware & Phishing Assaults With ANY.RUN - Strive for Free