OpenCVE

In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Splunk	Enterprise Security

Configuration 1 [-]

cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2024-0101
https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-01-09T17:01:07.832Z

Updated: 2024-10-30T15:05:37.943Z

Reserved: 2024-01-05T16:53:01.503Z

Link: CVE-2024-22164

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-09T17:15:12.323

Modified: 2024-11-21T08:55:43.037

Link: CVE-2024-22164

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22164", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2024-01-05T16:53:01.503Z", "datePublished": "2024-01-09T17:01:07.832Z", "dateUpdated": "2024-10-30T15:05:37.943Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise Security (ES)", "vendor": "Splunk", "versions": [{"version": "7.3", "status": "affected", "versionType": "custom", "lessThan": "7.3.0"}, {"version": "7.2", "status": "affected", "versionType": "custom", "lessThan": "7.2.0"}, {"version": "7.1", "status": "affected", "versionType": "custom", "lessThan": "7.1.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible."}], "value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0101"}, {"url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/"}], "title": "Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments", "datePublic": "2024-01-09T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.", "cweId": "CWE-400"}]}], "source": {"advisory": "SVD-2024-0101"}, "credits": [{"lang": "en", "value": "Vikram Ashtaputre, Splunk"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-10-30T15:05:37.943Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.908Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0101", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D79C40D-51D3-4A7E-A3FC-F8638D1E6AFA", "versionEndExcluding": "7.1.2", "versionStartIncluding": "7.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede utilizar archivos adjuntos de investigaci\u00f3n para realizar una denegaci\u00f3n de servicio (DoS) a la investigaci\u00f3n. El endpoint del archivo adjunto no limita adecuadamente el tama\u00f1o de la solicitud, lo que permite que un atacante haga que la investigaci\u00f3n se vuelva inaccesible."}], "id": "CVE-2024-22164", "lastModified": "2024-11-21T08:55:43.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-09T17:15:12.323", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0101"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}