Vulnerability Description
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | >= 8.2.0, < 8.2.12 |
| Splunk | Splunk Cloud Platform | <= 9.0.2305.100 |
Related Weaknesses (CWE)
References
- https://advisory.splunk.com/advisories/SVD-2023-0806Vendor Advisory
- https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/Vendor Advisory
- https://advisory.splunk.com/advisories/SVD-2023-0806Vendor Advisory
- https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/Vendor Advisory
FAQ
What is CVE-2023-40597?
CVE-2023-40597 is a vulnerability with a CVSS score of 7.8 (HIGH). In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.
How severe is CVE-2023-40597?
CVE-2023-40597 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-40597?
Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk, Splunk Splunk Cloud Platform.