Denial of Service through null pointer reference in “cluster/config” REST endpoint
Advisory ID: SVD-2024-0702
CVE ID: CVE-2024-36982
Published: 2024-07-01
Last Update: 2024-07-01
CVSSv3.1 Score: 7.5, High
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Bug ID: VULN-15553
Description
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer dereference (CWE-476) on the “cluster/config” REST endpoint, which could result in a crash of the Splunk daemon.
Solution
Upgrade Splunk Enterprise to version 9.2.2, 9.1.5, or 9.0.10, or higher.
Splunk is performing upgrades on Splunk Cloud Platform instances as part of Emergency Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise | 9.2 | REST API | 9.2.0 to 9.2.1 | 9.2.2 |
| Splunk Enterprise | 9.1 | REST API | 9.1.0 to 9.1.4 | 9.1.5 |
| Splunk Enterprise | 9.0 | REST API | 9.0.0 to 9.0.9 | 9.0.10 |
| Splunk Cloud Platform | 9.1.2312 | REST API | 9.1.2312.100 to 9.1.2312.108 | 9.1.2312.109 |
| Splunk Cloud Platform | 9.1.2308 | REST API | Below 9.1.2308.207 | 9.1.2308.207 |
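To screen an inventory of Splunk instances against the table above, the following added example (not Splunk's own code) encodes the affected ranges of this advisory and returns the fix version to move to; product names and version strings are assumed to be given exactly as they appear in the table.

```python
"""Check a Splunk version against the CVE-2024-36982 (SVD-2024-0702) table.

Added example, not Splunk's code: the ranges below transcribe the advisory's
Product Status table. A build is affected if it is on a listed release line,
at or above the lower bound (where the table gives one) and below the fix.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'9.1.2312.105' -> (9, 1, 2312, 105); rejects non-numeric components."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class AffectedRange:
    product: str
    branch: Version            # prefix that identifies the release line
    low: Optional[Version]     # inclusive lower bound; None when the table only says "Below"
    fix: Version               # first fixed build (exclusive upper bound)


# One entry per row of the advisory's table.
ADVISORY_RANGES = [
    AffectedRange("Splunk Enterprise", (9, 2), (9, 2, 0), (9, 2, 2)),
    AffectedRange("Splunk Enterprise", (9, 1), (9, 1, 0), (9, 1, 5)),
    AffectedRange("Splunk Enterprise", (9, 0), (9, 0, 0), (9, 0, 10)),
    AffectedRange("Splunk Cloud Platform", (9, 1, 2312), (9, 1, 2312, 100), (9, 1, 2312, 109)),
    AffectedRange("Splunk Cloud Platform", (9, 1, 2308), None, (9, 1, 2308, 207)),
]


def check_version(product: str, version: str) -> Optional[str]:
    """Return the fix version to upgrade to if `version` is affected, else None.

    A build on a release line the advisory does not list (e.g. 9.3.x) is
    reported as not affected by this advisory only, not as safe in general.
    """
    v = parse_version(version)
    for r in ADVISORY_RANGES:
        if r.product != product or v[: len(r.branch)] != r.branch:
            continue
        if (r.low is None or v >= r.low) and v < r.fix:
            return ".".join(map(str, r.fix))
        return None  # listed release line, but already at or past the fix
    return None
```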
Mitigations and Workarounds
None
Detections
None
Severity
Splunk rates this vulnerability as 7.5, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Acknowledgments
d0nahu3