QwikSec

Security Database

CVE

CWE

Training

CVE-2022-32157

Published: Jun 15, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.

Vendor	Product	Versions
Splunk, Inc	Splunk Enterprise	affected `9.0 - < 9.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates

x_refsource_CONFIRM

https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html

x_refsource_CONFIRM

https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients

x_refsource_CONFIRM

https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.