{"containers": {"cna": {"affected": [{"product": "Universal Forwarder", "vendor": "Splunk, Inc", "versions": [{"lessThan": "9.0", "status": "affected", "version": "9.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chris Green at Splunk"}], "datePublic": "2022-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."}], "providerMetadata": {"dateUpdated": "2022-06-15T16:49:26", "orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"}], "source": {"advisory": "SVD-2022-0605", "discovery": "INTERNAL"}, "title": "Universal Forwarder management services allows remote login by default", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "prodsec@splunk.com", "DATE_PUBLIC": "2022-06-14T11:55:00.000Z", "ID": "CVE-2022-32155", "STATE": "PUBLIC", "TITLE": "Universal Forwarder management services allows remote login by default"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Universal Forwarder", "version": {"version_data": [{"version_affected": "<", "version_name": "9.0", "version_value": "9.0"}]}}]}, "vendor_name": "Splunk, Inc"}]}}, "credit": [{"lang": "eng", "value": "Chris Green at Splunk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": ""}]}]}, "references": {"reference_data": [{"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html", "refsource": "CONFIRM", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"}, {"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"}]}, "source": {"advisory": "SVD-2022-0605", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:56.013Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"}]}]}, "cveMetadata": {"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "assignerShortName": "Splunk", "cveId": "CVE-2022-32155", "datePublished": "2022-06-15T16:49:26.618027Z", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-09-16T20:12:22.106Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", "versionEndExcluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "87852670-65F6-4EE8-ABD5-BC25137868DD", "versionEndExcluding": "8.2.2106", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."}, {"lang": "es", "value": "En forwarder universal versiones anteriores a 9.0, los servicios de administraci\u00f3n est\u00e1n disponibles de forma remota por defecto. Cuando no es requerido, introduce una exposici\u00f3n potencial, pero no es una vulnerabilidad. Si es expuesta, recomendamos que cada cliente eval\u00fae la gravedad potencial espec\u00edfica de su entorno. En versi\u00f3n 9.0, el reenviador universal vincula ahora el puerto de administraci\u00f3n a localhost, lo que impide el inicio de sesi\u00f3n remoto por defecto. Si los servicios de administraci\u00f3n no son necesarios en versiones anteriores a 9.0, establezca disableDefaultPort = true en server.conf O allowRemoteLogin = never en server.conf O mgmtHostPort = localhost en web.conf. Consulte Configurar la seguridad de la administraci\u00f3n del reenviador universal (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) para obtener m\u00e1s informaci\u00f3n sobre la deshabilitaci\u00f3n de los servicios de administraci\u00f3n remota"}], "id": "CVE-2022-32155", "lastModified": "2022-06-24T01:21:24.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-15T17:15:09.087", "references": [{"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"}, {"source": "prodsec@splunk.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}