Denial of Service through null pointer reference in “cluster/config” REST endpoint

Advisory ID: SVD-2024-0702

CVE ID: CVE-2024-36982

Published: 2024-07-01

Last Update: 2024-07-01

CVSSv3.1 Score: 7.5, High

CWE: CWE-476

Bug ID: VULN-15553

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the “cluster/config” REST endpoint, which could result in a crash of the Splunk daemon.

Solution

Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.

Splunk is performing upgrades on Splunk Cloud Platform instances as part of Emergency Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.

Product Status

| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise | 9.2 | REST API | 9.2.0 to 9.2.1 | 9.2.2 |
| Splunk Enterprise | 9.1 | REST API | 9.1.0 to 9.1.4 | 9.1.5 |
| Splunk Enterprise | 9.0 | REST API | 9.0.0 to 9.0.9 | 9.0.10 |
| Splunk Cloud Platform | 9.1.2312 | REST API | 9.1.2312.100 to 9.1.2312.108 | 9.1.2312.109 |
| Splunk Cloud Platform | 9.1.2308 | REST API | Below 9.1.2308.207 | 9.1.2308.207 |
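
A version-triage sketch for the Product Status table above, added here as an example and not part of Splunk's advisory or tooling. The function names, host names and inventory are hypothetical and constructed; only the fix versions come from the table.

```python
# Added example: fix versions copied from the advisory's Product Status table.
FIXES = {
    "enterprise": {(9, 2): (9, 2, 2), (9, 1): (9, 1, 5), (9, 0): (9, 0, 10)},
    "cloud": {(9, 1, 2312): (9, 1, 2312, 109), (9, 1, 2308): (9, 1, 2308, 207)},
}


def parse_version(text):
    """Turn '9.1.2312.108' into (9, 1, 2312, 108); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(product, version):
    """Return 'affected', 'fixed' or 'not-listed' for CVE-2024-36982."""
    lines = FIXES[product]  # KeyError on an unknown product is intentional
    v = parse_version(version)
    key_len = len(next(iter(lines)))  # 2 components for Enterprise, 3 for Cloud
    fix = lines.get(v[:key_len])
    if fix is None:
        return "not-listed"  # release line is absent from the advisory table
    # Pad short versions with zeros and ignore components past the fix width.
    v = (v + (0,) * len(fix))[:len(fix)]
    # Integer tuples compare numerically, so 9.0.10 sorts above 9.0.9
    # (a plain string comparison would get this wrong).
    return "fixed" if v >= fix else "affected"


# Constructed inventory of (host, product, version); hosts are hypothetical.
INVENTORY = [
    ("idx-01", "enterprise", "9.2.1"),
    ("idx-02", "enterprise", "9.0.10"),
    ("sh-01", "enterprise", "9.1.4"),
    ("cm-01", "enterprise", "9.3.0"),
    ("stack-a", "cloud", "9.1.2312.108"),
    ("stack-b", "cloud", "9.1.2308.207"),
]


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {host: triage(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

A "not-listed" result means only that the release line does not appear in the table above; it says nothing about whether that version is affected.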

Mitigations and Workarounds

None

Detections

None

Severity

Splunk rates this vulnerability as 7.5, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Acknowledgments

d0nahu3