CVE-2022-32157
Vulnerability from cvelistv5
Published
2022-06-15 16:50
Modified
2024-09-17 02:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.
References
prodsec@splunk.comhttps://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clientsMitigation, Vendor Advisory
prodsec@splunk.comhttps://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease Notes, Vendor Advisory
prodsec@splunk.comhttps://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/Mitigation, Vendor Advisory
prodsec@splunk.comhttps://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clientsMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.htmlVendor Advisory
Impacted products
Vendor Product Version
Splunk, Inc Splunk Enterprise Version: 9.0   < 9.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T07:32:56.013Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Splunk Enterprise",
               vendor: "Splunk, Inc",
               versions: [
                  {
                     lessThan: "9.0",
                     status: "affected",
                     version: "9.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Nadim Taha at Splunk",
            },
         ],
         datePublic: "2022-06-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-306",
                     description: "CWE-306 Missing Authentication for Critical Function",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-15T16:50:14",
            orgId: "42b59230-ec95-491e-8425-5a5befa1a469",
            shortName: "Splunk",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/",
            },
         ],
         source: {
            advisory: "SVD-2022-0607",
            discovery: "INTERNAL",
         },
         title: "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "prodsec@splunk.com",
               DATE_PUBLIC: "2022-06-14T11:55:00.000Z",
               ID: "CVE-2022-32157",
               STATE: "PUBLIC",
               TITLE: "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Splunk Enterprise",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_name: "9.0",
                                          version_value: "9.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Splunk, Inc",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Nadim Taha at Splunk",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-306 Missing Authentication for Critical Function",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                     refsource: "CONFIRM",
                     url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  },
                  {
                     name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html",
                     refsource: "CONFIRM",
                     url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html",
                  },
                  {
                     name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients",
                     refsource: "CONFIRM",
                     url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients",
                  },
                  {
                     name: "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/",
                     refsource: "CONFIRM",
                     url: "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/",
                  },
               ],
            },
            source: {
               advisory: "SVD-2022-0607",
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469",
      assignerShortName: "Splunk",
      cveId: "CVE-2022-32157",
      datePublished: "2022-06-15T16:50:14.702126Z",
      dateReserved: "2022-05-31T00:00:00",
      dateUpdated: "2024-09-17T02:57:39.248Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2022-32157\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-06-15T17:15:09.200\",\"lastModified\":\"2024-11-21T07:05:51.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.\"},{\"lang\":\"es\",\"value\":\"Los servidores de implementación de Splunk Enterprise en versiones anteriores a 9.0, permiten una descarga no autenticada de paquetes de reenvío. La corrección requiere que actualice el servidor de implementación a versión 9.0 y que configure la autenticación para los servidores de implementación y los clientes (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Una vez habilitada, los servidores de implantación sólo pueden administrar las versiones 9.0 y superiores de Universal Forwarder. Aunque la vulnerabilidad no afecta directamente a Universal Forwarders, la corrección requiere la actualización de todos los Universal Forwarders que el servidor de implementación administra a versión 9.0 o superior antes de habilitar la reparación\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"9.0\",\"matchCriteriaId\":\"A6CE3B90-F8EF-4DC2-80FF-2B791F152037\"}]}]}],\"references\":[{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.