SplunkCVELIST:CVE-2022-43566CVE-2022-43566 Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
42.8%
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.1.12",
"status": "affected",
"version": "8.1",
"versionType": "custom"
},
{
"lessThan": "8.2.9",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.2",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
42.8%