Vulnerability Management

Immediate Remediation of Splunk Enterprise Bug Urged Amid Easy Exploitability

Splunk has fashioned a deal that would enable the fast-growing tech
company to greatly widen its presence at San Jose’s iconic and bustling
Santana Row mixed-use complex, according to several sources familiar with
the rental transaction.
George Avalos / Bay Area News Group

Organizations using Splunk Enterprise on Windows versions earlier than 9.2.2, 9.1.5, and 9.0.10 have been urged by SonicWall to immediately apply fixes for a high-severity path traversal vulnerability, tracked as CVE-2024-36991, which could be abuse to facilitate endpoint directory listing and sensitive data access, reports SecurityWeek.

Attackers looking to leverage the security issue could do so remotely through the delivery of a crafted GET request to an impacted Splunk instance with activated Splunk Web, according to SonicWall, which noted the increased odds of flaw exploitation following the recent release of a proof-of-concept code on GitHub.

Aside from implementing the update released by Splunk earlier this month, organizations with vulnerable instances could also deactivate Splunk Web to curb potential compromise, SonicWall noted.

"Considering the severe consequences of this vulnerability and the trend of nefarious actors trying to leverage the exploit in the wild, users are strongly encouraged to upgrade their instances in accordance with the Splunk advisory to address the vulnerability," said SonicWall.

You can skip this ad in 5 seconds