Lucene search

[email protected]CVE-2022-32157

HistoryJun 15, 2022 - 5:15 p.m.

CVE-2022-32157

2022-06-1517:15:09

CWE-306

[email protected]

web.nvd.nist.gov

cve-2022-32157

splunk

enterprise

deployment servers

unauthenticated downloading

forwarder bundles

security

vulnerability

update

authentication

universal forwarder

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.

Affected configurations

NVD

Node

splunksplunkRange<9.0enterprise

CPENameOperatorVersion
splunk:splunksplunklt9.0

CPE	Name	Operator	Version
splunk:splunk	splunk	lt	9.0

CNA Affected

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk, Inc",
    "versions": [
      {
        "lessThan": "9.0",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients

docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates

research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/

www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for CVE-2022-32157

nvd1 nessus1 prion1 cvelist1