A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one by IT consultant Mohamed Nabil Ali that performs bulk scanning for vulnerable internet-facing endpoints and attempts to read the /etc/passwd file. About CVE-2024-36991 Splunk Enterprise is a data analytics and monitoring platform that allows organization to collect and analyze machine-generated data from a variety of … More

The post Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) appeared first on Help Net Security.