Arbitrary Code Execution Vulnerability in Splunk Enterprise Deployment Servers

Arbitrary Code Execution Vulnerability in Splunk Enterprise Deployment Servers

CVE-2022-32158 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server.

Learn more about our Cis Benchmark Audit For Server Software.