CVERadar

CVE-2024-36991

High Severity
Splunk
SVRS: 54/100
CVSSv3: 7.5/10
EPSS: 0.90148/1

CVE-2024-36991 allows for path traversal in Splunk Enterprise on Windows. An attacker can exploit the /modules/messaging/ endpoint. This vulnerability affects Splunk Enterprise on Windows versions prior to 9.2.2, 9.1.5, and 9.0.10. Although the CVSS score is 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 54, indicating a moderate risk that does not require immediate action. However, due to the availability of active exploits and the vulnerability being tagged "In The Wild", this CVE should be addressed in a timely manner. Successful exploitation could lead to unauthorized access to sensitive files and potential system compromise. Users should upgrade to the latest versions of Splunk Enterprise to mitigate this security risk.

In The Wild
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2025-02-28

2024-07-01

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
gunzf0x/CVE-2024-36991 | https://github.com/gunzf0x/CVE-2024-36991 | 2025-03-31
TcchSquad/CVE-2024-36991-Tool | https://github.com/TcchSquad/CVE-2024-36991-Tool | 2025-03-30
bigb0x/CVE-2024-36991 | https://github.com/bigb0x/CVE-2024-36991 | 2024-07-06
xploitnik/CVE-2024-36991-modified | https://github.com/xploitnik/CVE-2024-36991-modified | 2025-04-11

News

Data Breaches Digest - Week 29 2024
Dunkie, 2024-07-15
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 15th July and 21st July 2024. 21st July
dbdigest.com
1.710
2024-07-25
Newly Added (4): NI IO Trace Tool CVE-2024-5602 Arbitrary Code Execution Vulnerability; Security Vulnerabilities Fixed in NI LabView 24.1; Splunk CVE-2024-36991 Path Traversal Vulnerability; Security Vulnerabilities fixed in
cve-2024-5602
cve-2024-36991
Critical Splunk Vulnerability Exploited Using Crafted GET Commands - CybersecurityNews
2024-07-22
Splunk Enterprise is one of the many applications Splunk offers for security and monitoring purposes. It allows organizations to search, analyze and visualize data which can help to respond to incidents in a better way. However, at the beginning of this month, Splunk released a security advisory for a high-severity vulnerability. Given the CVE ID as CVE-2024-36991, the vulnerability was associated with Path Traversal on the “/modules/messaging/” endpoint in Splunk Enterprise on Windows. The severity for this vulnerability was given as 7.5 (High) and affected Splunk
cve-2024-36991
Vulnerability Recap 7/22/24 – CrowdStrike Issue Is One of Many
Jenna Phipps, 2024-07-22
The failed CrowdStrike sensor update that affected Windows systems may have put those computers at risk, but this is just one potential vulnerability during an interesting week. SolarWinds recently patched 13 vulnerabilities, and Ivanti has fixed yet another flaw in its Endpoint Manager product. The CISA requires federal agencies to patch their instances of GeoServer […]
cve-2024-37381
cve-2024-36991
cve-2024-20419
cve-2024-36401
Critical Splunk Vulnerability Exploited Using Crafted GET Commands
Eswar, 2024-07-22
Splunk Enterprise is one of the many applications Splunk offers for security and monitoring purposes. It allows organizations to search, analyze and visualize data which can help to respond to incidents in a better way. However, at the beginning of this month, Splunk released a security advisory for a high-severity vulnerability. Given the CVE ID […]
cybersecuritynews.com
Week in review: CrowdStrike update causes widespread IT outage, critical Splunk Enterprise flaw - Help Net Security
2024-07-21
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Faulty CrowdStrike update takes out Windows machines worldwide Thousands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty update of Crowdstrike Falcon Sensors, and the outage affected transport, broadcast, financial, retail and other organizations in Europe, Australia, the US and elsewhere. Here’s what we know. Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991
google.com

Social Media

GitHub - gunzf0x/CVE-2024-36991: Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read. https://t.co/Imiws1zNU0
GitHub - TcchSquad/CVE-2024-36991-Tool: This binary POC automates the exploitation of CVE-2024-36991 by sending crafted curl requests to a vulnerable Splunk instance. It retrieves sensitive files and saves them locally for further analysis. https://t.co/xNzUN0kjhP
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) | #HelpNetSecurity #CyberSecurity https://t.co/4ecZkT63rz
🚨CVE Alert: Splunk path traversal Vulnerability Exploited In-The-Wild 🚨 Vulnerability Details: CVE-2024-36991(CVSS 7.5/10) Splunk path traversal Vulnerability Impact A successful exploit may allow an attacker to perform unauthorized path traversal. Affected Products: https://t.co/5s4Rd8HCMa
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) - Help Net Security https://t.co/zJNCXnInSJ #TechJunkieInvest #investing #TechJunkieNews #Tech #CyberSecurity https://t.co/1W1lzd6qBr
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) - Help Net Security https://t.co/9eU7tRcXY5
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) https://t.co/BEnmvFPFal
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) https://t.co/BypIDImu5y
Advice for CVE-2024-36991 (cont.) - If patching is not immediately possible, turn off Splunk Web as a temporary work... - Review and disable any unnecessary components in the Splunk Enterprise `web.conf... Get Fletch for updated advice: https://t.co/y14Brx84pP (3/3)
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) https://t.co/Hd4FYpb6vc

Affected Software

Configuration 1
Type | Vendor | Product
App | Splunk | splunk

References

https://advisory.splunk.com/advisories/SVD-2024-0711
https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa

CWE Details

CWE ID | CWE Name | Description
CWE-35 | Path Traversal: '.../...//' | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
