CVE-2024-23678: 
Splunk Enterprise vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2024-23678) was discovered in Splunk Enterprise for Windows. The vulnerability stems from incorrect sanitization of path input data, which results in unsafe deserialization of untrusted data from a separate disk partition on the machine. The issue affects Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3 (Splunk Advisory, SecurityWeek).

The vulnerability has been assigned a CVSSv3.1 score of 7.5 (High) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H. The flaw is related to path traversal issues that can lead to deserialization of untrusted data, which is a type of vulnerability allowing for the use of malformed data to cause denial of service, abuse application logic, or execute arbitrary code (Splunk Advisory).

If exploited, this vulnerability could allow attackers to gain unauthorized access, execute arbitrary code, and potentially compromise the entire Splunk environment, leading to data breaches and further system exploitation. The impact is specifically limited to Windows instances of Splunk Enterprise (SecurityWeek, Splunk Advisory).

Splunk has released patches to address this vulnerability in versions 9.0.8 and 9.1.3. Organizations are recommended to upgrade their Splunk Enterprise installations to these versions or higher. As a workaround, users can disable Splunk Web on instances in a distributed environment if users do not need to log in to Splunk Web on those instances (Splunk Advisory, SecurityWeek).

The vulnerability was discovered and reported by security researcher Danylo Dmytriiev (DDV_UA). Splunk has acknowledged the finding and promptly released patches, demonstrating their commitment to addressing security issues (Splunk Advisory).