Intrusion PreventionSplunk.API.edit.user.Capability.Privilege.Elevation
Description
This indicates an attack attempt to exploit an Elevation of Privilege Vulnerability in Splunk Enterprise.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted file. Successful exploitation could result in elevation of privilege within the context of the vulnerable system.
Affected Products
Splunk Enterprise version 8.1.0 to version 8.1.13
Splunk Enterprise version 8.2.0 to version 8.2.10
Splunk Enterprise version 9.0.0 to version 9.0.4
Splunk Enterprise version 9.0.2303 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://advisory.splunk.com/advisories/SVD-2023-0602
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 54323 |
| Created | Nov 01, 2023 |
| Updated | Jul 11, 2024 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 82.68% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Other |
| Profile Type | Permission/Privilege/Access Control |