CVE-2022-32157Missing Authentication for Critical Function in INC Splunk Enterprise

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Splunk INC Splunk EnterpriseSplunk
Timeline
PublishedJun 15
Latest updateJun 16

Description

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Thou

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5splunk_inc/splunk_enterprise9.09.0
NVDsplunk/splunk< 9.0

🔴Vulnerability Details

2
GHSA
GHSA-56rw-hqqv-mjgx: Splunk Enterprise deployment servers in versions before 92022-06-16
CVEList
Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads2022-06-15
CVE-2022-32157 — INC Splunk Enterprise vulnerability | cvebase