CVE-2024-45731

Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk

Description

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.

INFO

Published Date :

2024-10-14T16:46:01.751Z

Last Modified :

2025-02-28T11:03:47.249Z

Source :

Splunk

AFFECTED PRODUCTS

The following products are affected by CVE-2024-45731 vulnerability.

Vendors	Products
Microsoft	Windows
Splunk	Splunk Splunk Enterprise

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45731.

URL	Resource
https://advisory.splunk.com/advisories/SVD-2024-1001
https://research.splunk.com/application/c97e0704-d9c6-454d-89ba-1510a987bf72/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact