CVE-2023-40594

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 30, 2023
Updated: Apr 10, 2024
CWE ID 400

Summary

CVE-2023-40594 is a vulnerability affecting Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1. An attacker can exploit this issue by using the `printf` SPL (Search Processing Language) function to trigger a denial of service (DoS) against the affected Splunk Enterprise instance. The vulnerability allows an attacker to send specially crafted input to the system, leading to excessive resource consumption and potential unavailability of the service. This issue may result in significant downtime and disruption to operations if left unpatched.

Affected Products

  • Splunk Cloud
  • SPLUNK Enterprise Security

Affected Vendors

  • Splunk