
Critical Vulnerability in Splunk Enterprise Deployment Servers



Summary

Splunk has released a security announcement addressing a critical vulnerability in Splunk Enterprise deployment servers that could allow arbitrary code execution on Universal Forwarder endpoints.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Splunk has released a security announcement relating to a vulnerability, tracked as CVE-2022-32158, affecting Splunk Enterprise deployment servers. CVE-2022-32158, which has a Critical CVSS rating of 9.0, could allow an attacker who compromises a Universal Forwarder endpoint to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. The vulnerability affects versions prior to 9.0, in which clients can use the deployment server to deploy forwarder bundles to other deployment clients.


Remediation advice

Affected organisations are encouraged to review Splunk's Security Advisory SVD-2022-0608 and upgrade Splunk Enterprise deployment servers to version 9.0 or higher.
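
One way to triage an estate against this remediation advice, as an added example that is not part of the original alert or of Splunk's advisory: it flags deployment servers below 9.0 and lists the Universal Forwarders subscribed to them. It assumes the `splunk version` banner has been collected from each deployment server and that the forwarder-to-server mapping is known; host names, build strings and the inventory layout are constructed.

```python
import re

FIXED = (9, 0)  # advisory remediation: deployment servers on 9.0 or higher
# Banner printed by `splunk version`, e.g. "Splunk 8.2.6 (build ...)"
BANNER = re.compile(r"^Splunk(?: Universal Forwarder)? (\d+(?:\.\d+)*)")

def parse_version(banner):
    """Return the version as a tuple of ints, or None if the banner is unreadable."""
    m = BANNER.match(banner.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(servers, forwarders):
    """servers: {deployment server: banner}; forwarders: {forwarder: its server}.
    Returns (status per server, forwarders whose server is not confirmed fixed)."""
    status = {}
    for host, banner in servers.items():
        ver = parse_version(banner)
        if ver is None:
            status[host] = "unknown"   # no readable version: do not assume fixed
        elif (ver + (0,))[:2] < FIXED:
            status[host] = "upgrade"
        else:
            status[host] = "ok"
    # A forwarder pointing at a server missing from the inventory is also listed.
    exposed = sorted(f for f, ds in forwarders.items() if status.get(ds) != "ok")
    return status, exposed

# Constructed sample inventory (host names and build strings are made up).
SERVERS = {
    "ds-a.example.internal": "Splunk 8.2.6 (build 000000000000)",
    "ds-b.example.internal": "Splunk 9.0.0 (build 000000000000)",
    "ds-c.example.internal": "splunk: command not found",
}
FORWARDERS = {
    "uf-01": "ds-a.example.internal",
    "uf-02": "ds-b.example.internal",
    "uf-03": "ds-c.example.internal",
    "uf-04": "ds-unlisted.example.internal",
}

if __name__ == "__main__":
    status, exposed = triage(SERVERS, FORWARDERS)
    for host, state in status.items():
        print(f"{host}: {state}")
    print("forwarders to review:", ", ".join(exposed))
```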



Last edited: 23 June 2022 1:08 pm