CVE-2022-32158: Improper Access Control in INC Splunk Enterprise

Severity
NVD: 10.0 CRITICAL
CNA: 9.0
EPSS: 1.2% (top 20.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 15
Latest update: Jun 16

Description

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5: splunk_inc/splunk_enterprise 9.0 9.0 +2
NVD: splunk/splunk < 9.0

Vulnerability Details (2)

GHSA
GHSA-c2gm-46v7-vh4c: Splunk Enterprise deployment servers in versions before 9 (2022-06-16)
CVEList
Splunk Enterprise deployment servers allow client publishing of forwarder bundles (2022-06-15)