A critical vulnerability has been discovered in the Splunk Secure Gateway app, potentially allowing low-privileged users to execute arbitrary code remotely.
The flaw, identified as CVE-2024-53247, affects multiple versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform.
The vulnerability stems from unsafe deserialization of data due to insecure usage of the jsonpickle Python library. This flaw could allow attackers to perform Remote Code Execution (RCE) without requiring admin or power user roles. The severity of this vulnerability is rated as high, with a CVSSv3.1 score of 8.8.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
- Splunk Enterprise: Versions below 9.3.2, 9.2.4, and 9.1.7
- Splunk Secure Gateway app on Splunk Cloud Platform: Versions below 3.2.461 and 3.7.13
Splunk has released patches to address this vulnerability. Users are strongly advised to upgrade their Splunk Enterprise installations to versions 9.3.2, 9.2.4, 9.1.7, or higher. For the Splunk Cloud Platform, the company is actively monitoring and patching affected instances.
As a temporary mitigation, users who do not rely on Splunk Mobile, Spacebridge, or Mission Control functionalities can disable or remove the Splunk Secure Gateway app.
However, it’s important to note that these features depend on the Secure Gateway app, so disabling them may impact their functionality.
The discovery of this vulnerability underscores the importance of regular security updates and proactive vulnerability management. As Splunk is widely used in enterprise environments for log management and security information and event management (SIEM), this vulnerability could potentially impact a large number of organizations across various industries.
Organizations using Splunk Enterprise or Splunk Cloud Platform are urged to review their systems and apply the necessary patches immediately. The high severity rating of this vulnerability emphasizes the critical nature of this update.
As always, maintaining up-to-date software and adhering to best security practices remain crucial in protecting against potential threats in the ever-evolving cybersecurity landscape.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free