CVE-2023-40597: 
Splunk Enterprise vulnerability analysis and mitigation

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an absolute path traversal vulnerability (CVE-2023-40597) was identified that allows attackers to execute arbitrary code located on a separate disk. This vulnerability specifically affects Splunk Enterprise instances running on Windows systems and was disclosed on August 30, 2023. The vulnerability received a CVSS v3.1 score of 7.8 (High) (Splunk Advisory).

The vulnerability exists in the runshellscript.py script, which fails to perform adequate user validation. This allows an attacker to exploit the script to execute code from the root directory of another disk on the machine. The exploit requires the attacker to have write access to the drive where they place the exploit script. The vulnerability has been assigned CWE-36 (Absolute Path Traversal) and has a CVSS vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H (Splunk Advisory, SecurityWeek).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code on affected systems through path traversal, potentially leading to unauthorized access and system compromise. The impact is limited to Windows-based Splunk Enterprise installations, but the potential for code execution makes it a significant security concern (Splunk Advisory).

The primary mitigation is to upgrade Splunk Enterprise to versions 8.2.12, 9.0.6, or 9.1.1, which contain patches for this vulnerability. This issue does not affect Splunk Cloud Platform instances. No alternative mitigations have been provided by Splunk (Splunk Advisory).