PT-2022-21124 · Splunk · Universal Forwarder

Chris Green · Published 2022-06-15 · Updated 2022-06-24 · CVE-2022-32155

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Universal Forwarder versions prior to 9.0

Description

The universal forwarder has management services available remotely by default in versions before 9.0, which can introduce a potential exposure if not required. In version 9.0, the management port is bound to localhost by default, preventing remote logins. Customers are recommended to assess the potential severity of this exposure specific to their environment.

Recommendations

For Universal Forwarder versions prior to 9.0, if management services are not required, set disableDefaultPort = true in server.conf or allowRemoteLogin = never in server.conf or mgmtHostPort = localhost in web.conf to disable remote management services.
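
An added example (not part of the advisory and not Splunk tooling): a small Python check that reports which of the three mitigations above are present in a forwarder's server.conf and web.conf text. The stanza names [httpServer], [general] and [settings] come from Splunk's configuration spec files rather than this page, treating 127.0.0.1 as equivalent to localhost is an assumption, and the sample inputs are constructed.

```python
# Added example: audit Splunk .conf text for the advisory's three mitigations.
# Stanza names are assumed from Splunk's .conf spec files; the advisory itself
# names only the keys and the files they live in.

def parse_conf(text):
    """Parse Splunk-style INI text into {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def mitigations(server_conf, web_conf):
    """Return the names of the advisory's mitigations that are in effect."""
    server, web = parse_conf(server_conf), parse_conf(web_conf)
    found = []
    if server.get("httpServer", {}).get("disableDefaultPort", "").lower() in ("true", "1"):
        found.append("disableDefaultPort")
    if server.get("general", {}).get("allowRemoteLogin", "").lower() == "never":
        found.append("allowRemoteLogin")
    # Value may be "host" or "host:port"; 127.0.0.1 is accepted alongside the
    # advisory's "localhost" as an assumption of this example.
    host = web.get("settings", {}).get("mgmtHostPort", "").rsplit(":", 1)[0].lower()
    if host in ("localhost", "127.0.0.1"):
        found.append("mgmtHostPort")
    return found

def needs_review(server_conf, web_conf):
    """True when a pre-9.0 forwarder has none of the mitigations set."""
    return not mitigations(server_conf, web_conf)

# Constructed sample inputs (not taken from any real host).
EXPOSED_SERVER = "[general]\nserverName = uf01\n"
HARDENED_SERVER = ("[general]\nallowRemoteLogin = never\n\n"
                   "[httpServer]\ndisableDefaultPort = true\n")
HARDENED_WEB = "[settings]\nmgmtHostPort = localhost\n"

if __name__ == "__main__":
    print("exposed: ", mitigations(EXPOSED_SERVER, ""))
    print("hardened:", mitigations(HARDENED_SERVER, HARDENED_WEB))
```

Splunk merges configuration from several directories, so feed the check the effective settings (for example the output of splunk btool server list and splunk btool web list) rather than a single file.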

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2022-32155

Affected Products

Universal Forwarder