Vulnerability Details : CVE-2022-32157
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.
Products affected by CVE-2022-32157
- cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-32157
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-32157
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
Splunk Inc. |
CWE ids for CVE-2022-32157
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by:
- nvd@nist.gov (Primary)
- prodsec@splunk.com (Secondary)
References for CVE-2022-32157
-
https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/
Splunk Process Injection Forwarder Bundle Downloads - Splunk Security ContentMitigation;Vendor Advisory
-
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates
Security updates - Splunk DocumentationRelease Notes;Vendor Advisory
-
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html
SVD-2022-0607 | SplunkVendor Advisory
-
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients
Configure authentication for deployment servers and clients - Splunk DocumentationMitigation;Vendor Advisory
Jump to