CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40598 – Command Injection in Splunk Enterprise Using External Lookups
https://notcve.org/view.php?id=CVE-2023-40598
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance. • https://advisory.splunk.com/advisories/SVD-2023-0807 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-306: Missing Authentication for Critical Function •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32709 – Low-privileged User can View Hashed Default Splunk Password
https://notcve.org/view.php?id=CVE-2023-32709
In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. • https://advisory.splunk.com/advisories/SVD-2023-0604 https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875 • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 89%CPEs: 4EXPL: 3CVE-2023-32707 – ‘edit_user’ Capability Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-32707
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. En las versiones de Splunk Enterprise anteriores a 9.0.5, 8.2.11 y 8.1.14, y de Splunk Cloud Platform anteriores a la versión 9.0.2303.100, un usuario con pocos privilegios que tenga un rol que tenga asignada la capacidad de "edit_user" puede escalar sus privilegios a los del usuario administrador proporcionando solicitudes web especialmente manipuladas. Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14 allows low-privileged users who hold a role with edit_user capability assigned to it the ability to escalate their privileges to that of the admin user by providing specially crafted web requests. • https://www.exploit-db.com/exploits/51747 https://github.com/9xN/CVE-2023-32707 https://advisory.splunk.com/advisories/SVD-2023-0602 https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb • CWE-285: Improper Authorization •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32716 – Denial of Service via the 'dump' SPL command
https://notcve.org/view.php?id=CVE-2023-32716
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0611 https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32710 – Information Disclosure via the ‘copyresults’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32710
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. • https://advisory.splunk.com/advisories/SVD-2023-0609 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •