In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
History

Thu, 17 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
Splunk splunk
Weaknesses CWE-22
CPEs cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:9.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows
Splunk splunk

Tue, 15 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Splunk
Splunk splunk Enterprise
CPEs cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*
Vendors & Products Splunk
Splunk splunk Enterprise
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 14 Oct 2024 17:00:00 +0000

Type Values Removed Values Added
Description In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
Title Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-10-14T16:46:01.751Z

Updated: 2024-12-10T18:00:30.597Z

Reserved: 2024-09-05T21:35:21.290Z

Link: CVE-2024-45731

cve-icon Vulnrichment

Updated: 2024-10-15T17:39:48.318Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-14T17:15:11.177

Modified: 2024-10-17T13:09:33.017

Link: CVE-2024-45731

cve-icon Redhat

No data.