Vulnerability Description
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | < 7.3.9 |
Related Weaknesses (CWE)
References
- https://claroty.com/2022/03/24/blog-research-locking-down-splunk-enterprise-indeThird Party Advisory
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0301.htmlVendor Advisory
- https://claroty.com/2022/03/24/blog-research-locking-down-splunk-enterprise-indeThird Party Advisory
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0301.htmlVendor Advisory
FAQ
What is CVE-2021-3422?
CVE-2021-3422 is a vulnerability with a CVSS score of 7.5 (HIGH). The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerab...
How severe is CVE-2021-3422?
CVE-2021-3422 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3422?
Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk.