FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

Exploit
CVE-2024-36991

Path Traversal: '.../...//' (CWE-35)

Published: Jul 1, 2024 / Updated: 4mo ago

010
CVSS 7.5EPSS 0.04%High
CVE info copied to clipboard

Summary

A path traversal vulnerability exists in the /modules/messaging/ endpoint of Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10. This vulnerability is specific to Splunk Enterprise on Windows platforms and could allow an attacker to perform unauthorized path traversal.

Impact

The vulnerability has a high severity with a CVSS v3.1 base score of 7.5. It primarily affects confidentiality, with no impact on integrity or availability. An attacker exploiting this vulnerability could potentially gain unauthorized access to sensitive files or directories outside the intended directory structure. The attack vector is network-based, requires low complexity, no privileges, and no user interaction, making it relatively easy to exploit. This could lead to exposure of sensitive information, potentially compromising the confidentiality of data stored or processed by the affected Splunk Enterprise installations.

Exploitation

Multiple proof-of-concept exploits are available on github.com, github.com, github.com, github.com. Its exploitation has been reported by various sources, including github.com.

Patch

Patches are available. Users should upgrade to Splunk Enterprise versions 9.2.2, 9.1.5, or 9.0.10 or later, depending on their current version track.

Mitigation

1. Prioritize upgrading Splunk Enterprise on Windows to version 9.2.2, 9.1.5, or 9.0.10 or later, as appropriate for your version track. 2. If immediate patching is not possible, implement network segmentation to limit access to the vulnerable /modules/messaging/ endpoint. 3. Monitor for suspicious activities or unauthorized access attempts targeting this endpoint. 4. Implement strong access controls and authentication mechanisms for Splunk Enterprise. 5. Regularly audit and review file system permissions to ensure proper access restrictions are in place.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-36991

Jul 1, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-36991. See article

Jul 1, 2024 at 5:30 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 1, 2024 at 5:30 PM
Trending

This CVE started to trend in security discussions

Jul 1, 2024 at 7:53 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (201217)

Jul 2, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (380010)

Jul 2, 2024 at 7:53 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.2%)

Jul 2, 2024 at 10:01 AM
Trending

This CVE stopped trending in security discussions

Jul 3, 2024 at 5:41 AM
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Jul 6, 2024 at 7:11 AM
Static CVE Timeline Graph

Affected Systems

Splunk/splunk
+null more

Exploits

https://github.com/bigb0x/CVE-2024-36991
+null more

Patches

advisory.splunk.com
+null more

Attack Patterns

CAPEC-126: Path Traversal
+null more

References

Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads
Cyber Security News Aggregator / 4mo
Figure 4 shows utilizing a sample path traversal crafted GET request that can impact vulnerable Splunk Enterprise instances and lead to arbitrary file reads. The CVE-2024-36991 flaw leverages the os.path.join function allowing an attacker to perform a directory listing on the Splunk endpoint, potentially enabling unauthorized access to sensitive files on the system.
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads
SonicWall / 4mo
Figure 4 shows utilizing a sample path traversal crafted GET request that can impact vulnerable Splunk Enterprise instances and lead to arbitrary file reads. The CVE-2024-36991 flaw leverages the os.path.join function allowing an attacker to perform a directory listing on the Splunk endpoint, potentially enabling unauthorized access to sensitive files on the system.
Last Week in Security - 2024-07-08
SIXGEN / 4mo
By addressing these vulnerabilities and implementing recommended security measures, Mailcow can enhance its resilience against potential threats and safeguard user data effectively. Security Alert: Update to the Authy Android (v25.1.0) and iOS App (v26.1.0) - Twilio has detected a security issue that allowed threat actors to access data associated with Authy accounts, such as phone numbers.

News

Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code
Vulnerability Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform / 35d
Splunk recommends that all users subscribe to their mailing list and RSS feed for timely updates on security advisories. The disclosed vulnerabilities primarily affect Windows installations of Splunk Enterprise, where insecure configurations and potential code execution paths pose significant risks.
CVE-2024-36991: Splunk Enterprise on Windows Arbitrary File Read Vulnerability
Sangfor / 3mo
On July 9, 2024, Sangfor FarSight Labs received notification of the arbitrary file read vulnerability (CVE-2024-36991) in Splunk Enterprise on Windows, classified as high (CVSS Score 7.5) by NVD. On July 9, 2024, Sangfor FarSight Labs received notification of the Splunk Enterprise on Windows arbitrary file read vulnerability (CVE-2024-36991).
Web Application Detections Published in July 2024
Qualys Notifications / 3mo
In July, the Qualys Web Application Scanning (WAS) team issued a critical security signatures update. This update expands the scope to detect vulnerabilities in several widely-used software applications, including GeoServer, Progress MOVEit Transfer, JetBrains TeamCity, Apache Tomcat, Joomla, Splunk, Oracle WebLogic Server, ServiceNow, Apache HTTP Server, Apache RocketMQ, Progress Telerik Report Server, Spring Cloud, OpenObserve, Ivanti Endpoint Manager Mobile (EPMM), PHP, Adobe Magento, pdoc, Atlassian Jira Data Center and Server, PublicCMS, Webmin, Atlassian Bamboo Data Center and Server. QID Title 150222 Reverse Tabnabbing 150858 Default Web Directory Paths Found 150885 Children Privacy Policy Act COPPA Found 150997 WordPress Export WP Page to Static HTML/CSS Plugin: Open Redirect Vulnerability (CVE-2024-3597) 151040 Polyfill JavaScript Detected 152000 WordPress Media Library Assistant Plugin: Time-based SQL Injection Vulnerability (CVE-2024-5605) 152001 WordPress Popup Builder Plugin: Unauthorized Access of Functionality Vulnerability (CVE-2023-6696) 152003 WordPress Blog2Social Plugin: SQL Injection Vulnerability (CVE-2024-3549) 152004 WordPress Ad Invalid Click Protector(AICP) Plugin: Injected Backdoor Vulnerability (CVE-2024-6297) 152005 WordPress Dokan Pro Plugin: SQL Injection Vulnerability (CVE-2024-3922) 152006 WordPress Blaze-Widget Plugin: Injected Backdoor Vulnerability (CVE-2024-6297) 152007 WordPress Britetechs Companion Plugin:
Third-Party Software Update Catalog Release History – July 2024
Catalog Updates Archives - Patch My PC / 3mo
Third-Party Software Update Catalog Release History – July 2024 In July 2024, our third-party software update catalog for Microsoft SCCM contained 1100 bug, feature, and security-related updates. Below you will find a full list of relevant updates and new products for July 2024. 1100 Total Updates 316 Security Updates 239 of the 316 security updates include CVE-IDs 62 New Products New Products: AIMP 5.30.2560.0 (EXE-x64) AIMP 5.30.2560.0 (EXE-x86) Alfaview 9.13.0 (MSI-x64) Alfaview 9.13.0 (User-x64) Android Studio 2024.1.0 (EXE-x64) Anyware PCoIP Client 24.3.4.0 (EXE-x64) Appium Inspector 2024.6.1.0 (EXE-x64) Appium Inspector 2024.6.1.0 (User-x64) ASAP Utilities 8.6.0.0 (EXE-x86) ATLAS.ti 24.1.1.30813 (MSI-x64) Beyond Compare 5.0.0.29773 (EXE-x64) Beyond Compare 5.0.0.29773 (User-x64) BlueJ 5.3.0.0 (MSI-x64) Brave 126.1.67.123 (EXE-x64) Brave 126.1.67.123 (User-x64) Coder 2.12.3.0 CrashPlan 11.4.0.503 (MSI-x64) Crestron AirMedia 5.9.1.245 (MSI-x86) Crestron AirMedia 5.9.1.245 (User-x64) Dolphin EasyReader 11.0.1.593 (EXE-x86) doPDF Latest 11.9.465.0 (EXE-x64) Fusion 2022.2402.1.400 (EXE-x64) Fusion 2023.2402.1.400 (EXE-x64) Fusion 2024.2406.14.400 (EXE-x64) Fuze 23.11.14510.0 (EXE-x64) Global Relay 3.5.0.0 (User-x64) KeeWeb 1.18.7.0 (EXE-x64) LuxTrust Middleware 1.8.0.4 (EXE-x64) MakerBot Print 4.10.1.2056 (EXE-x64) Microsoft Visual Studio 2010 Tools for Office Runtime 10.0.60917.0 (EXE-x64) Mirth Connect Administrator Launcher 1.4.1 (EXE-x64) Mirth Connect Administrator Launcher 1.4.1 (EXE-x86) NordVPN 7.26.2.0 (EXE-x64) Oh My Posh 22.0.3 (EXE-x64) Oh My Posh 22.0.3 (User-x64) pdfFiller 1.0.89.0 (EXE-x86) Proton Drive 1.6.2.0 (User-x64) Proton Mail 1.0.5.0 (User-x64) Proton Mail Bridge 3.12.0.0 (EXE-x64) Proton Pass 1.20.2.0 (User-x64) Proton VPN 3.2.12.0 (EXE) Qlik Sense Desktop 14.187.7.0 (User-x64) QlikView Desktop 12.90.20000.0 (EXE-x64) QlikView Plugin 12.90.20000.0 (EXE-x86) REAPER 7.18.0 (EXE-x64) REAPER 7.18.0 (EXE-x86) Refinitiv Workspace 1.25.180.0 (EXE-x64) Refinitiv Workspace 1.25.180.0 (User-x64) RustDesk 1.2.6.0 (EXE-x64) RustDesk 1.2.6.0 (EXE-x86) RustDesk 1.2.6.0 (MSI-x64) RVTools 4.6.1.0 (MSI-x86) Sophos Connect 2.3.1.0619 (MSI-x86) Tulip Player 2.5.1.0 (MSI-x64) Upscayl 2.11.5.0 (EXE-x64) Wacom Tablet Driver 6.4.6.2 (EXE-x64) Wazuh Agent 4.8.0.0 (MSI-x86) Xink Client AD 3.2.41.0 (MSI-x86) XPress 2.19.3.11008 (MSI-x64) XSplit VCam 4.2.2402.0903 (EXE-x64) Zorus Archon Agent 4.2.5.0 (EXE-x64) Zscaler Client Connector for VDI 1.3.014.0 (MSI-x64) Updates Added: (Oldest to Newest) Bruno 1.20.0 (User-x64) Release Notes for Bruno 1.20.0 (User-x64) Release Type: ⬤ ⬤ Scan Detection Ratio 0/63 VirusTotal Latest Scan Results (User-x64) CCleaner 6.25.11131 Release Notes for CCleaner 6.25.11131 Release Type: ⬤ ⬤ Scan Detection Ratio 0/71
July 2024 Newsletter
unSafe.sh - 不安全 / 3mo
This month’s update saw 75 new templates added, 29 CVEs, and valuable additions from 5 first-time contributors in version 9.9.1. We’ll also keep highlighting contributions from our incredible community who, as always, bring fresh new ideas and innovations to our tools.
See 63 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

CVSS 7.5(51562)CWE-35(48)CWE-22(6658)Splunk(210)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial