Monday, October 7, 2024
HomeCyber Security NewsSplunk Flaw Let Attackers Escalate Privilege Using crafted web Request

Splunk Flaw Let Attackers Escalate Privilege Using crafted web Request

Published on

Splunk is one of the most used SIEM (Security Incident and Event Management) tools worldwide.

Splunk can collect logs of all the configured events that can be used later to investigate security incidents.

Based on recent reports, Splunk was vulnerable to a Privilege escalation vulnerability which was discovered and reported.

- Advertisement - EHA

The company has immediately patched this vulnerability on all Splunk versions.

CVE-2023-32707: ‘edit_user’ Capability Privilege Escalation

Any users with low privileges and has ‘edit_user’ capability can escalate their privileges to an admin user by sending a specially crafted web request to Splunk.

This was because of the fact that ‘edit_user’ does not connect with the ‘grantableRole’ setting in the authorize.conf configuration file, which could prevent this privilege escalation vulnerability.

Affected Products and Fix:

The Table below shows the products that were affected and the fixed version.

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise8.1Splunk Web8.1.0 to 8.1.138.1.14
Splunk Enterprise8.2Splunk Web8.2.0 to 8.2.108.2.11
Splunk Enterprise9Splunk Web9.0.0 to 9.0.49.0.5
Splunk Cloud PlatformSplunk Web9.0.2303 and below9.0.2303.100

Mitigations and Workarounds:

  • Other than admins, no other users must have the ‘edit_user’ capability.
  • Do not provide an ‘edit_user’ role through which other roles will be inherited.
  • Do not assign the ‘edit_user’ capability to users with low or no privileges.

All Splunk users are recommended to upgrade their Splunk versions to the latest versions.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...