Thursday, January 23, 2025
HomeCVE/vulnerabilitySplunk RCE Vulnerability Let Attackers Execute Remote Code

Splunk RCE Vulnerability Let Attackers Execute Remote Code

Published on

SIEM as a Service

Follow Us on Google News

Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability.

This flaw, identified as CVE-2024-53247, affects several versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform.

The vulnerability is rated with a CVSSv3.1 score of 8.8, indicating a high severity level that poses a serious risk to organizations relying on these services.

Vulnerability Details

The RCE vulnerability arises from the unsafe deserialization of untrusted data, traced back to insecure usage of the jsonpickle Python library.

This deserialization flaw allows a low-privileged user, who does not possess “admin” or “power” roles, to execute arbitrary code on the affected systems.

Notably, this issue impacts Splunk Enterprise versions before 9.3.2, 9.2.4, and 9.1.7, as well as Splunk Secure Gateway versions below 3.2.461 and 3.7.13.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

Affected Products and Versions

  • Splunk Enterprise: Versions 9.3.1 and below, 9.2.3 and below, 9.1.0 to 9.1.6.
  • Splunk Secure Gateway App: Versions below 3.7.13 and 3.4.261.

To counter this vulnerability, Splunk has advised users to upgrade to the latest secure versions: 9.3.2, 9.2.4, and 9.1.7 for Splunk Enterprise, and 3.7.13 or 3.4.261 for the Splunk Secure Gateway app.

Additionally, Splunk is proactively monitoring and patching instances on the Splunk Cloud Platform to mitigate potential risks.

As an immediate workaround, Splunk recommends disabling the Splunk Secure Gateway app, particularly if the functionalities of Splunk Mobile, Spacebridge, and Mission Control are not in use.

Administrators should manage app and add-on objects to ensure the system’s integrity and security.

This vulnerability underscores the critical importance of keeping enterprise software updated and securely configured, especially when handling sensitive data.

Organizations using Splunk must act promptly to apply the necessary updates and consider implementing additional security measures to prevent exploitation.

Splunk’s swift response and transparency in addressing this issue are commendable, yet this incident serves as a reminder of the constant vigilance needed in cybersecurity.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...