Third-Party Package Updates in the Splunk Add-on for Cisco Meraki - October 2024
Advisory ID: SVD-2024-1015
CVE ID: Multiple
Published: 2024-10-30
Last Update: 2024-10-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the Splunk Add-on for Cisco Meraki version 2.2.0 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| idna | Upgraded to 3.8 | CVE-2024-3651 | High |
| urllib3 | Upgraded to 1.26.20 | CVE-2024-37891 | Medium |
| tqdm | Removed | CVE-2024-34062 | Medium |
| certifi | Upgraded to 2024.8.30 | CVE-2024-39689 | High |
Solution
Upgrade Splunk Add-on for Cisco Meraki versions 2.2.0 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Add-on for Cisco Meraki | 2.2 | Below 2.2.0 | 2.2.0 |
Severity
For the CVEs in this list, Splunk adopted one of the following ratings:
- Where applicable, the severity rating that the vendor published, or
- The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.