CVE-2023-40597 - OpenCVE

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Splunk	Splunk Splunk Cloud Platform

Configuration 1 [-]

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:9.1.0::::enterprise:::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2023-0806	Vendor Advisory
https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Splunk

Published: 2023-08-30T16:19:44.220Z

Updated: 2024-07-01T16:57:45.507Z

Reserved: 2023-08-16T22:07:52.838Z

Link: CVE-2023-40597

JSON object: View

NVD Information

Status : Modified

Published: 2023-08-30T17:15:10.180

Modified: 2024-04-10T01:15:16.153

Link: CVE-2023-40597

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40597", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-08-16T22:07:52.838Z", "datePublished": "2023-08-30T16:19:44.220Z", "dateUpdated": "2024-07-01T16:57:45.507Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "8.2", "status": "affected", "versionType": "custom", "lessThan": "8.2.12"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.6"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.1"}]}, {"product": "Splunk Cloud", "vendor": "Splunk", "versions": [{"version": "-", "status": "affected", "versionType": "custom", "lessThan": "9.0.2305.200"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk."}], "value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0806"}, {"url": "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/"}], "title": "Absolute Path Traversal in Splunk Enterprise Using runshellscript.py", "datePublic": "2023-08-30T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "description": "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.", "cweId": "CWE-36"}]}], "source": {"advisory": "SVD-2023-0806"}, "credits": [{"lang": "en", "value": "Danylo Dmytriiev (DDV_UA)"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-07-01T16:57:45.507Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "21F6F824-393F-424F-85DF-CD3FCB40452F", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "74A23E71-6A34-48A5-8087-B626BED870E0", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:9.1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A4F2BC82-AD4C-4D80-8200-C2371E7C04F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2A0FF7F-1171-42D4-A27B-689541F4BC32", "versionEndIncluding": "9.0.2305.100", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk."}], "id": "CVE-2023-40597", "lastModified": "2024-04-10T01:15:16.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2023-08-30T17:15:10.180", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0806"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-36"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}