CVE-2023-32716

Status: Modified

Last modified: 10-04-2024

Published: 01-06-2023

6.5

SUMMARY CVE-2023-32716

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.

Access CVSS3 CVE-2023-32716

Attack Complexity	Attack Vector	Privileges Required	Scope	User Interaction
LOW	NETWORK	LOW	UNCHANGED	NONE

Impact CVSS3 CVE-2023-32716

Confidentiality	Integrity	Availability
NONE	NONE	HIGH

Details CVE-2023-32716

EPSS	0.00076
EPSS %	0.33566
References	https://advisory.splunk.com/advisories/SVD-2023-0611 https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/
CWE	CWE-754
Vulnerable Configurations	cpe:2.3:a:splunk:splunk:8.1.0::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.0::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.1::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.1::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.2::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.2::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.4::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.4::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.5::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.5::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.6::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.6::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.7::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.7::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.12::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.12::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.13::::enterprise::: cpe:2.3:a:splunk:splunk:8.1.13::::enterprise::: cpe:2.3:a:splunk:splunk:8.2.0::::enterprise::: cpe:2.3:a:splunk:splunk:8.2.0::::enterprise::: cpe:2.3:a:splunk:splunk:8.2.9::::enterprise::: cpe:2.3:a:splunk:splunk:8.2.9::::enterprise::: cpe:2.3:a:splunk:splunk:8.2.10::::enterprise::: cpe:2.3:a:splunk:splunk:8.2.10::::enterprise::: cpe:2.3:a:splunk:splunk:9.0.0::::enterprise::: cpe:2.3:a:splunk:splunk:9.0.0::::enterprise::: cpe:2.3:a:splunk:splunk:9.0.3::::enterprise::: cpe:2.3:a:splunk:splunk:9.0.3::::enterprise::: cpe:2.3:a:splunk:splunk:9.0.4::::enterprise::: cpe:2.3:a:splunk:splunk:9.0.4::::enterprise::: cpe:2.3:a:splunk:splunk_cloud_platform:-:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:-:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.1.2103:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.1.2103:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2105:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2105:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2106:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2106:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2107:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2107:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2109:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2109:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2111:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2111:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2112:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2112:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2201:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2201:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2202:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2202:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2203:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:8.2.2203:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2209:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2209:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2209.3:::::::* cpe:2.3:a:splunk:splunk_cloud_platform:9.0.2209.3:::::::*
CVSS3 Source	nvd@nist.gov
CVSS3 Type	Primary
CVSS3 Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H