Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Universal Forwarder by Splunk, Inc

    CVE-2022-32155 (GCVE-0-2022-32155)

    Vulnerability from nvd – Published: 2022-06-15 16:49 – Updated: 2024-09-16 20:12
    VLAI
    Title
    Universal Forwarder management services allows remote login by default
    Summary
    In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk, Inc Universal Forwarder Affected: 9.0 , < 9.0 (custom)
    Create a notification for this product.
    Date Public
    2022-06-14 00:00
    Credits
    Chris Green at Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:56.013Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Universal Forwarder",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "9.0",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Green at Splunk"
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T16:49:26.000Z",
            "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
            "shortName": "Splunk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
            }
          ],
          "source": {
            "advisory": "SVD-2022-0605",
            "discovery": "INTERNAL"
          },
          "title": "Universal Forwarder management services allows remote login by default",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@splunk.com",
              "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
              "ID": "CVE-2022-32155",
              "STATE": "PUBLIC",
              "TITLE": "Universal Forwarder management services allows remote login by default"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Universal Forwarder",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.0",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk, Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Green at Splunk"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": ""
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
                },
                {
                  "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
                }
              ]
            },
            "source": {
              "advisory": "SVD-2022-0605",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "assignerShortName": "Splunk",
        "cveId": "CVE-2022-32155",
        "datePublished": "2022-06-15T16:49:26.618Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:12:22.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32155 (GCVE-0-2022-32155)

    Vulnerability from cvelistv5 – Published: 2022-06-15 16:49 – Updated: 2024-09-16 20:12
    VLAI
    Title
    Universal Forwarder management services allows remote login by default
    Summary
    In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk, Inc Universal Forwarder Affected: 9.0 , < 9.0 (custom)
    Create a notification for this product.
    Date Public
    2022-06-14 00:00
    Credits
    Chris Green at Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:56.013Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Universal Forwarder",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "9.0",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Green at Splunk"
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T16:49:26.000Z",
            "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
            "shortName": "Splunk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
            }
          ],
          "source": {
            "advisory": "SVD-2022-0605",
            "discovery": "INTERNAL"
          },
          "title": "Universal Forwarder management services allows remote login by default",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@splunk.com",
              "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
              "ID": "CVE-2022-32155",
              "STATE": "PUBLIC",
              "TITLE": "Universal Forwarder management services allows remote login by default"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Universal Forwarder",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.0",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk, Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Green at Splunk"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": ""
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
                },
                {
                  "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security"
                }
              ]
            },
            "source": {
              "advisory": "SVD-2022-0605",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "assignerShortName": "Splunk",
        "cveId": "CVE-2022-32155",
        "datePublished": "2022-06-15T16:49:26.618Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:12:22.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }