cvelistv5 - CVE-2022-32155

CVE-2022-32155 (GCVE-0-2022-32155)

Vulnerability from cvelistv5 – Published: 2022-06-15 16:49 – Updated: 2024-09-16 20:12

Summary

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.

Severity ?

No CVSS data available.

Assigner

Splunk

References

URL

Tags

	https://docs.splunk.com/Documentation/Splunk/9.0.…	x_refsource_CONFIRM
	https://www.splunk.com/en_us/product-security/ann…	x_refsource_CONFIRM
	https://docs.splunk.com/Documentation/Splunk/9.0.…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Splunk, Inc	Universal Forwarder	Affected: 9.0 , < 9.0 (custom)

Credits

Chris Green at Splunk

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:56.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Universal Forwarder",
          "vendor": "Splunk, Inc",
          "versions": [
            {
              "lessThan": "9.0",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Chris Green at Splunk"
        }
      ],
      "datePublic": "2022-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-15T16:49:26",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
        }
      ],
      "source": {
        "advisory": "SVD-2022-0605",
        "discovery": "INTERNAL"
      },
      "title": "Universal Forwarder management services allows remote login by default",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
          "ID": "CVE-2022-32155",
          "STATE": "PUBLIC",
          "TITLE": "Universal Forwarder management services allows remote login by default"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Universal Forwarder",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.0",
                            "version_value": "9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Splunk, Inc"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Chris Green at Splunk"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": ""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
              "refsource": "CONFIRM",
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html",
              "refsource": "CONFIRM",
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
            },
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security",
              "refsource": "CONFIRM",
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
            }
          ]
        },
        "source": {
          "advisory": "SVD-2022-0605",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2022-32155",
    "datePublished": "2022-06-15T16:49:26.618027Z",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-09-16T20:12:22.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\", \"versionEndExcluding\": \"9.0\", \"matchCriteriaId\": \"A6CE3B90-F8EF-4DC2-80FF-2B791F152037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.2.2106\", \"matchCriteriaId\": \"87852670-65F6-4EE8-ABD5-BC25137868DD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.\"}, {\"lang\": \"es\", \"value\": \"En forwarder universal versiones anteriores a 9.0, los servicios de administraci\\u00f3n est\\u00e1n disponibles de forma remota por defecto. Cuando no es requerido, introduce una exposici\\u00f3n potencial, pero no es una vulnerabilidad. Si es expuesta, recomendamos que cada cliente eval\\u00fae la gravedad potencial espec\\u00edfica de su entorno. En versi\\u00f3n 9.0, el reenviador universal vincula ahora el puerto de administraci\\u00f3n a localhost, lo que impide el inicio de sesi\\u00f3n remoto por defecto. Si los servicios de administraci\\u00f3n no son necesarios en versiones anteriores a 9.0, establezca disableDefaultPort = true en server.conf O allowRemoteLogin = never en server.conf O mgmtHostPort = localhost en web.conf. Consulte Configurar la seguridad de la administraci\\u00f3n del reenviador universal (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) para obtener m\\u00e1s informaci\\u00f3n sobre la deshabilitaci\\u00f3n de los servicios de administraci\\u00f3n remota\"}]",
      "id": "CVE-2022-32155",
      "lastModified": "2024-11-21T07:05:51.250",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-15T17:15:09.087",
      "references": "[{\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "prodsec@splunk.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32155\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-06-15T17:15:09.087\",\"lastModified\":\"2024-11-21T07:05:51.250\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.\"},{\"lang\":\"es\",\"value\":\"En forwarder universal versiones anteriores a 9.0, los servicios de administraci\u00f3n est\u00e1n disponibles de forma remota por defecto. Cuando no es requerido, introduce una exposici\u00f3n potencial, pero no es una vulnerabilidad. Si es expuesta, recomendamos que cada cliente eval\u00fae la gravedad potencial espec\u00edfica de su entorno. En versi\u00f3n 9.0, el reenviador universal vincula ahora el puerto de administraci\u00f3n a localhost, lo que impide el inicio de sesi\u00f3n remoto por defecto. Si los servicios de administraci\u00f3n no son necesarios en versiones anteriores a 9.0, establezca disableDefaultPort = true en server.conf O allowRemoteLogin = never en server.conf O mgmtHostPort = localhost en web.conf. Consulte Configurar la seguridad de la administraci\u00f3n del reenviador universal (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) para obtener m\u00e1s informaci\u00f3n sobre la deshabilitaci\u00f3n de los servicios de administraci\u00f3n remota\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"9.0\",\"matchCriteriaId\":\"A6CE3B90-F8EF-4DC2-80FF-2B791F152037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.2.2106\",\"matchCriteriaId\":\"87852670-65F6-4EE8-ABD5-BC25137868DD\"}]}]}],\"references\":[{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-548

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Splunk	Universal Forwarder	Universal Forwarder versions antérieures à 9.0
Splunk	Splunk Enterprise	Splunk Enterprise versions antérieures à 9.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions antérieures à 8.2.2203

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk svd-2022-0604 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0603 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0605 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0601 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0602 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0607 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0608 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0606 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Universal Forwarder versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions ant\u00e9rieures \u00e0 8.2.2203",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32152"
    },
    {
      "name": "CVE-2022-32151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32151"
    },
    {
      "name": "CVE-2022-32155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32155"
    },
    {
      "name": "CVE-2022-32156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32156"
    },
    {
      "name": "CVE-2022-32154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32154"
    },
    {
      "name": "CVE-2022-32153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32153"
    },
    {
      "name": "CVE-2022-32158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32158"
    },
    {
      "name": "CVE-2022-32157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32157"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-548",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSplunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0604 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0603 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0605 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0601 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0602 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0607 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0608 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0606 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0606.html"
    }
  ]
}

CERTFR-2022-AVI-548

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Splunk	Universal Forwarder	Universal Forwarder versions antérieures à 9.0
Splunk	Splunk Enterprise	Splunk Enterprise versions antérieures à 9.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions antérieures à 8.2.2203

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk svd-2022-0604 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0603 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0605 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0601 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0602 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0607 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0608 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0606 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Universal Forwarder versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions ant\u00e9rieures \u00e0 8.2.2203",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32152"
    },
    {
      "name": "CVE-2022-32151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32151"
    },
    {
      "name": "CVE-2022-32155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32155"
    },
    {
      "name": "CVE-2022-32156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32156"
    },
    {
      "name": "CVE-2022-32154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32154"
    },
    {
      "name": "CVE-2022-32153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32153"
    },
    {
      "name": "CVE-2022-32158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32158"
    },
    {
      "name": "CVE-2022-32157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32157"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-548",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSplunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0604 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0603 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0605 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0601 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0602 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0607 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0608 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0606 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0606.html"
    }
  ]
}

GSD-2022-32155

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-32155

Aliases

CVE-2022-32155

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-32155",
    "description": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.",
    "id": "GSD-2022-32155"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-32155"
      ],
      "details": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.",
      "id": "GSD-2022-32155",
      "modified": "2023-12-13T01:19:12.686433Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "prodsec@splunk.com",
        "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
        "ID": "CVE-2022-32155",
        "STATE": "PUBLIC",
        "TITLE": "Universal Forwarder management services allows remote login by default"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Universal Forwarder",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "9.0",
                          "version_value": "9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Splunk, Inc"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Chris Green at Splunk"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": ""
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
            "refsource": "CONFIRM",
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
          },
          {
            "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html",
            "refsource": "CONFIRM",
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
          },
          {
            "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security",
            "refsource": "CONFIRM",
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
          }
        ]
      },
      "source": {
        "advisory": "SVD-2022-0605",
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.2106",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "ID": "CVE-2022-32155"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
            },
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-24T01:21Z",
      "publishedDate": "2022-06-15T17:15Z"
    }
  }
}

FKIE_CVE-2022-32155

Vulnerability from fkie_nvd - Published: 2022-06-15 17:15 - Updated: 2024-11-21 07:05

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
prodsec@splunk.com	https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security	Mitigation, Vendor Advisory
prodsec@splunk.com	https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates	Release Notes, Vendor Advisory
prodsec@splunk.com	https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	splunk	splunk	*
	splunk	splunk_cloud_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A6CE3B90-F8EF-4DC2-80FF-2B791F152037",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87852670-65F6-4EE8-ABD5-BC25137868DD",
              "versionEndExcluding": "8.2.2106",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
    },
    {
      "lang": "es",
      "value": "En forwarder universal versiones anteriores a 9.0, los servicios de administraci\u00f3n est\u00e1n disponibles de forma remota por defecto. Cuando no es requerido, introduce una exposici\u00f3n potencial, pero no es una vulnerabilidad. Si es expuesta, recomendamos que cada cliente eval\u00fae la gravedad potencial espec\u00edfica de su entorno. En versi\u00f3n 9.0, el reenviador universal vincula ahora el puerto de administraci\u00f3n a localhost, lo que impide el inicio de sesi\u00f3n remoto por defecto. Si los servicios de administraci\u00f3n no son necesarios en versiones anteriores a 9.0, establezca disableDefaultPort = true en server.conf O allowRemoteLogin = never en server.conf O mgmtHostPort = localhost en web.conf. Consulte Configurar la seguridad de la administraci\u00f3n del reenviador universal (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) para obtener m\u00e1s informaci\u00f3n sobre la deshabilitaci\u00f3n de los servicios de administraci\u00f3n remota"
    }
  ],
  "id": "CVE-2022-32155",
  "lastModified": "2024-11-21T07:05:51.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-15T17:15:09.087",
  "references": [
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
    }
  ],
  "sourceIdentifier": "prodsec@splunk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F27X-PRV4-7Q7X

Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-25 00:01

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-32155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-15T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.",
  "id": "GHSA-f27x-prv4-7q7x",
  "modified": "2022-06-25T00:01:03Z",
  "published": "2022-06-16T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32155"
    },
    {
      "type": "WEB",
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
    },
    {
      "type": "WEB",
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
    },
    {
      "type": "WEB",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-32155 (GCVE-0-2022-32155)

CERTFR-2022-AVI-548

Solution

CERTFR-2022-AVI-548

Solution

GSD-2022-32155

FKIE_CVE-2022-32155

GHSA-F27X-PRV4-7Q7X

Tags

Sightings

Nomenclature