CVE-2022-32157 - OpenCVE

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Splunk	Splunk

Configuration 1 [-]

cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*

No data.

References

Link	Providers
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates
https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2022-06-15T16:50:14.702126Z

Updated: 2024-09-17T02:57:39.248Z

Reserved: 2022-05-31T00:00:00

Link: CVE-2022-32157

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-15T17:15:09.200

Modified: 2022-06-24T00:51:02.803

Link: CVE-2022-32157

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk, Inc", "versions": [{"lessThan": "9.0", "status": "affected", "version": "9.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nadim Taha at Splunk"}], "datePublic": "2022-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-15T16:50:14", "orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}], "source": {"advisory": "SVD-2022-0607", "discovery": "INTERNAL"}, "title": "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "prodsec@splunk.com", "DATE_PUBLIC": "2022-06-14T11:55:00.000Z", "ID": "CVE-2022-32157", "STATE": "PUBLIC", "TITLE": "Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Splunk Enterprise", "version": {"version_data": [{"version_affected": "<", "version_name": "9.0", "version_value": "9.0"}]}}]}, "vendor_name": "Splunk, Inc"}]}}, "credit": [{"lang": "eng", "value": "Nadim Taha at Splunk"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html", "refsource": "CONFIRM", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}, {"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"name": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/", "refsource": "CONFIRM", "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}]}, "source": {"advisory": "SVD-2022-0607", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:56.013Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}]}]}, "cveMetadata": {"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "assignerShortName": "Splunk", "cveId": "CVE-2022-32157", "datePublished": "2022-06-15T16:50:14.702126Z", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-09-17T02:57:39.248Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", "versionEndExcluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation."}, {"lang": "es", "value": "Los servidores de implementaci\u00f3n de Splunk Enterprise en versiones anteriores a 9.0, permiten una descarga no autenticada de paquetes de reenv\u00edo. La correcci\u00f3n requiere que actualice el servidor de implementaci\u00f3n a versi\u00f3n 9.0 y que configure la autenticaci\u00f3n para los servidores de implementaci\u00f3n y los clientes (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Una vez habilitada, los servidores de implantaci\u00f3n s\u00f3lo pueden administrar las versiones 9.0 y superiores de Universal Forwarder. Aunque la vulnerabilidad no afecta directamente a Universal Forwarders, la correcci\u00f3n requiere la actualizaci\u00f3n de todos los Universal Forwarders que el servidor de implementaci\u00f3n administra a versi\u00f3n 9.0 o superior antes de habilitar la reparaci\u00f3n"}], "id": "CVE-2022-32157", "lastModified": "2022-06-24T00:51:02.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2022-06-15T17:15:09.200", "references": [{"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients"}, {"source": "prodsec@splunk.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://research.splunk.com/application/splunk_process_injection_forwarder_bundle_downloads/"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}