PT-2022-3396 · Splunk · Universal Forwarder

Martin Müller

Published: 2022-06-14 · Updated: 2022-06-24 · CVE-2022-32157

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 9.0

Description

The issue is related to the lack of an authentication procedure in Splunk Enterprise deployment servers, allowing unauthenticated downloading of forwarder bundles. This can potentially enable a remote attacker to elevate their privileges. Remediation requires updating the deployment server to version 9.0 and configuring authentication for deployment servers and clients. Once enabled, deployment servers can only manage Universal Forwarder versions 9.0 and higher. Although Universal Forwarders are not directly affected, updating them to version 9.0 or higher is necessary prior to enabling the remediation.

Recommendations

Update the deployment server to version 9.0. Configure authentication for deployment servers and clients. Update all Universal Forwarders managed by the deployment server to version 9.0 or higher prior to enabling the remediation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2022-04168
CVE-2022-32157

Affected Products

Splunk Enterprise
Universal Forwarder