CVE-2022-32155 — Incorrect Permission Assignment in INC Universal Forwarder

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 37.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk INC Universal Forwarder Splunk Splunk Cloud Platform

Timeline

PublishedJun 15

Latest updateJun 16

Description

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5splunk_inc/universal_forwarder9.0 — 9.0

▶NVDsplunk/splunk< 9.0

▶NVDsplunk/splunk_cloud_platform< 8.2.2106

🔴Vulnerability Details

GHSA

GHSA-f27x-prv4-7q7x: In universal forwarder versions before 9↗2022-06-16

▶

CVEList

Universal Forwarder management services allows remote login by default↗2022-06-15

▶