CVE-2024-53247

Published Dec 10, 2024

Last updated 12 days ago

CVSS high 8.8
Splunk

Overview

Description
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE).
Source
prodsec@splunk.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

prodsec@splunk.com
CWE-502

Social media

Hype score
Not currently trending

  1. برای Splunk آسیب پذیری جدیدی با کد شناسایی CVE-2024-53247 و از نوع RCE منتشر شده است .نسخه های قبل از 9.3.2 و 9.2.4 و 9.1.7 مربوط به Splunk Enterprise و نسخه های قبل از 3.2.461 و 3.7.13 مربوط به Splunk Secure Gateway دارای این آسیب پذیری هستند. https://t.co/Poz3aKYxT1 https://t.

    @AmirHossein_sec

    18 Dec 2024

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical Splunk Vulnerability (CVE-2024-53247): Upgrade Splunk Secure Gateway to patched versions or disable immediately to prevent remote code execution (CVSS 8.8). #CyberSecurity #threatcure #SplunkSecurity #VulnerabilityAlert #PatchNow #RemoteCodeExecution #DataProtection htt

    @ThreatCure_25

    16 Dec 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A critical vulnerability (CVE-2024-53247) in the Splunk Secure Gateway app allows low-privileged users to execute arbitrary code, risking security. Immediate action required. ⚠️ #SplunkUsers #CodeExecution #SecurityRisk #CybersecurityNews link: https://t.co/l4zUaJnyQ0 https://t.

    @TweetThreatNews

    12 Dec 2024

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app (CVE-2024-53247) https://t.co/7Ypiqb1oTC

    @TMJIntel

    12 Dec 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-53247: Splunk Secure Gateway App Vulnerability Allows Remote Code Execution https://t.co/myDzK8OIfQ

    @Dinosn

    12 Dec 2024

    7808 Impressions

    71 Retweets

    162 Likes

    32 Bookmarks

    0 Replies

    1 Quote

  6. 🚨 Critical Splunk & Atlassian Vulnerabilities Alert 🚨 High-severity flaws in Splunk (RCE via CVE-2024-53247) and Atlassian products could allow remote code execution & privilege escalation. Patch now!

    @NetSec_Ian

    11 Dec 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. CVE-2024-53247 Remote Code Execution in Splunk Enterprise and Secure Gateway App... https://t.co/UyVukHMvBq Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    10 Dec 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles could potentially perform a Remote Code Execution (RCE) by uploading a malicious file to the `$SPLUNK_HOME/var/run/splunk/apptemp` directory due to improper handling and insufficient isolation of temporary files within the `apptemp` directory.CVE-2026-20204
  2. In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.CVE-2026-20166
  3. In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a View (Settings - User Interface - Views) at the `/manager/launcher/data/ui/views/_new` endpoint leading to a Stored Cross-Site Scripting (XSS) through a path traversal vulnerability. This could result in execution of unauthorized JavaScript code in the browser of a user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.CVE-2026-20162
  4. In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.CVE-2026-20163
  5. In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials.CVE-2026-20164

References

Sources include official advisories and independent security research.