CVE-2022-32157 — HIGH (7.5)

Q: How severe is CVE-2022-32157?

CVE-2022-32157 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-32157?

Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk.

Vulnerability Description

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Splunk	Splunk	< 9.0

Related Weaknesses (CWE)

CWE-306

References

https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancMitigationVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease NotesVendor Advisory
https://research.splunk.com/application/splunk_process_injection_forwarder_bundlMitigationVendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.htmlVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancMitigationVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease NotesVendor Advisory
https://research.splunk.com/application/splunk_process_injection_forwarder_bundlMitigationVendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.htmlVendor Advisory

FAQ

What is CVE-2022-32157?

CVE-2022-32157 is a vulnerability with a CVSS score of 7.5 (HIGH). Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configur...

How severe is CVE-2022-32157?

CVE-2022-32157 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-32157?

Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk.