Lucene search

SplunkCVELIST:CVE-2022-43563

HistoryNov 04, 2022 - 10:19 p.m.

CVE-2022-43563 Risky command safeguards bypass via rex search command field names in Splunk Enterprise

2022-11-0422:19:55

CWE-20

Splunk

www.cve.org

cve-2022-43563

splunk enterprise

safeguards

rex search command

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "lessThan": "8.1.12",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "lessThan": "8.2.9",
        "status": "affected",
        "version": "8.2",
        "versionType": "custom"
      }
    ]
  }
]

References

www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for CVELIST:CVE-2022-43563