CVE-2024-53247

Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE).

*Credits: Danylo Dmytriiev (DDV_UA)

CVSS Scores

Splunk Inc.v3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-12-10 CVE Published
2024-12-10 CVE Updated
2024-12-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

References (1)

URL	Tag	Source
https://advisory.splunk.com/advisories/SVD-2024-1205

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Splunk Search vendor "Splunk"		Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise"				>= 9.3.0 < 9.3.2 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.3.0 < 9.3.2"		en		Affected
Splunk Search vendor "Splunk"		Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise"				>= 9.2.0 < 9.2.4 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.2.0 < 9.2.4"		en		Affected
Splunk Search vendor "Splunk"		Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise"				>= 9.1.0 < 9.1.7 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.1.0 < 9.1.7"		en		Affected
Splunk Search vendor "Splunk"		Splunk Secure Gateway Search vendor "Splunk" for product "Splunk Secure Gateway"				>= 3.7.0 < 3.7.13 Search vendor "Splunk" for product "Splunk Secure Gateway" and version " >= 3.7.0 < 3.7.13"		en		Affected
Splunk Search vendor "Splunk"		Splunk Secure Gateway Search vendor "Splunk" for product "Splunk Secure Gateway"				>= 3.4.0 < 3.4.261 Search vendor "Splunk" for product "Splunk Secure Gateway" and version " >= 3.4.0 < 3.4.261"		en		Affected