CVE-2024-45733: 
Splunk Enterprise vulnerability analysis and mitigation

A critical vulnerability (CVE-2024-45733) was discovered in Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6. The vulnerability allows low-privileged users without 'admin' or 'power' Splunk roles to perform Remote Code Execution (RCE) due to an insecure session storage configuration (Splunk Advisory, NIST NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-502 (Deserialization of Untrusted Data). The vulnerability specifically affects the Splunk Web component of Splunk Enterprise for Windows installations (Splunk Advisory, CERT-EU).

The vulnerability enables low-privileged users to execute remote code on affected systems, potentially leading to complete system compromise. This poses a significant security risk as attackers could gain unauthorized access to sensitive data and system resources (Security Online).

Organizations are advised to upgrade Splunk Enterprise to versions 9.3.0, 9.2.3, and 9.1.6 or higher. As a workaround, if users do not log in to Splunk Web on indexers in a distributed environment, administrators can disable Splunk Web on those indexers (Splunk Advisory).