{"uuid": "ce635e1a-0e4b-4cf2-8dd1-e4241792799d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3422", "type": "seen", "source": "https://t.me/cibsecurity/39553", "content": "\u203c CVE-2021-3422 \u203c\n\nThe lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. See https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver for more information on configuring an indexer to listen for UF traffic. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. As a partial mitigation and a security best practice, see https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates and https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Controlforwarderaccess. Implementation of either or both reduces the severity to Medium.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T21:30:56.000000Z"}