Organizations using Splunk Enterprise on Windows versions earlier than 9.2.2, 9.1.5, and 9.0.10 have been urged by SonicWall to immediately apply fixes for a high-severity path traversal vulnerability, tracked as CVE-2024-36991, which could be abuse to facilitate endpoint directory listing and sensitive data access, reports SecurityWeek.
Attackers looking to leverage the security issue could do so remotely through the delivery of a crafted GET request to an impacted Splunk instance with activated Splunk Web, according to SonicWall, which noted the increased odds of flaw exploitation following the recent release of a proof-of-concept code on GitHub. Aside from implementing the update released by Splunk earlier this month, organizations with vulnerable instances could also deactivate Splunk Web to curb potential compromise, SonicWall noted. "Considering the severe consequences of this vulnerability and the trend of nefarious actors trying to leverage the exploit in the wild, users are strongly encouraged to upgrade their instances in accordance with the Splunk advisory to address the vulnerability," said SonicWall.
