CVE-2023-32707

Published: 01/06/2023 Updated: 10/04/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.

Vulnerable Products

Vendor: splunk, Product: splunk cloud platform

Vendor: splunk, Product: splunk

Vendor Advisories

Check Point Reference: CPAI-2023-1387 Date Published: 20 Dec 2023 Severity: High ...

Exploits

Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14 allow low-privileged users who hold a role with the edit_user capability assigned to it to escalate their privileges to that of the admin user by providing specially crafted web requests ...
Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, ...

Github Repositories

A collection of proof-of-concept exploit scripts written by the team at Redway Security for various CVEs.

Redway CVE Proof-of-Concept Exploits. A collection of proof-of-concept exploit scripts written by the team at Redway Security for various CVEs. CVE-2022-2992: Remote Command Execution via Github import. CVE-2023-32707: Splunk 'edit_user' Capability Privilege Escalation. DISCLAIMER: This Git repository contains code, scripts, and documentation related to security exploit

An improved POC exploit based on the reported CVE on exploitdb

CVE-2023-32707: An improved POC exploit based on the reported CVE on exploitdb. Exploit Title: Splunk 9.0.5 - Admin Account Takeover. CVE: CVE-2023-32707. Overview: This script allows for exploiting a vulnerability in Splunk 9.0.5, leading to admin account takeover. The exploit leverages a low-privilege user with the edit_user capability to escalate privileges. Prerequisites: Python

This script appears to be a Python exploit for a vulnerability in Splunk versions 9.0.5, 8.2.11, and 8.1.14, identified by CVE-2023-32707. The vulnerability allows a low-privileged user with the edit_user capability to escalate their privileges to that of the admin user by providing specially crafted web requests. Here's a brief overview of the script: Import Required M