CVE-2022-43566
published 2022-11-04CVE-2022-43566: In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass…
PriorityP344high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
EPSS
0.78%
51.2th percentile
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samba | samba | >= 0 < 2:4.13.17~dfsg-0ubuntu0.21.04.1 | 2:4.13.17~dfsg-0ubuntu0.21.04.1 |
| splunk | splunk | >= 8.1.0 < 8.1.12 | 8.1.12 |
| splunk | splunk | >= 8.2.0 < 8.2.9 | 8.2.9 |
| splunk | splunk | >= 9.0.0 < 9.0.2 | 9.0.2 |
| splunk | splunk_cloud_platform | < 9.0.2208 | 9.0.2208 |
| splunk | splunk_enterprise | >= 8.1 < 8.1.12 | 8.1.12 |
| splunk | splunk_enterprise | >= 8.2 < 8.2.9 | 8.2.9 |
| splunk | splunk_enterprise | >= 9.0 < 9.0.2 | 9.0.2 |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv2.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h93h-mcv3-8hvx: In Splunk Enterprise versions below 8
ghsa_unreviewed·2023-07-06
CVE-2022-43566 [HIGH] CWE-20 GHSA-h93h-mcv3-8hvx: In Splunk Enterprise versions below 8
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.
OSV
samba vulnerabilities
osv·2022-02-01·CVSS 2.5
CVE-2021-44142 samba vulnerabilities
samba vulnerabilities
Orange Tsai discovered that the Samba vfs_fruit module incorrectly handled
certain memory operations. A remote attacker could use this issue to cause
Samba to crash, resulting in a denial of service, or possibly execute
arbitrary code as root. (CVE-2021-44142)
Michael Hanselmann discovered that Samba incorrectly created directories.
In certain configurations, a remote attacker could possibly create a
directory on the server outside of the shared directory. (CVE-2021-43566)
Kees van Vloten discovered that Samba incorrectly handled certain aliased
SPN checks. A remote attacker could possibly use this issue to impersonate
services. (CVE-2022-0336)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8/https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.htmlhttps://research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8/https://www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html
2022-11-04
Published