Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Splunk patches critical vulnerability while users push for legacy updates

Data monitoring and search vendor Splunk patched a code execution vulnerability in its Splunk Enterprise deployment server and is – belatedly, according to some – promising to back-port it to earlier versions.

The deployment servers are used to distribute configurations and content updates to Enterprise instances such as forwarders, indexers, and search heads.

However, a critical-severity vulnerability, CVE-2022-32158, meant that versions prior to 9.0 allow clients to leverage the server to deploy forwarder bundles to other clients.

An attacker who had compromised or had access to a single universal forwarder within an environment could then execute arbitrary code on all the other Universal Forwarder (UF) endpoints within that organization.

Nick Heudecker, senior director, market strategy, and competitive intelligence at Cribl, told The Daily Swig: “It’s not uncommon for Splunk users to have thousands or tens of thousands of UFs deployed across their infrastructure, making this a high priority vulnerability.”

Splunk said there’s no evidence that the vulnerability has been exploited in the wild, and that the Splunk Cloud Platform (SCP) isn’t affected as it doesn’t offer nor use deployment servers.

“Splunk released fixed versions for impacted products that mitigate the issues, and we strongly encourage customers to upgrade as soon as possible,” it said in a statement.

The vulnerability affects all Splunk Enterprise deployment servers prior to version 9.0 – and there’s currently no patch or workaround other than to update to this version, released only on 14 June. With patching, users would need to restrict access to the deployment server, firing it up only to push configuration updates.

Under pressure from the community, Splunk has now said that it plans to back-port the fix to earlier versions, though there’s no indication as to when.

“While the vulnerability is a problem, how Splunk chose to handle it is what has upset Splunk’s users and community,” according to Heudecker. “Vulnerabilities happen. How a company reacts to them can create or destroy goodwill.”

Source: https://portswigger.net/daily-swig/splunk-patches-critical-vulnerability-while-users-push-for-legacy-updates

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Zero Trust Data Access (ZTDA) constitutes a fundamental aspect of the wider Zero Trust security framework, which entails limiting data access. The Zero Trust security approach...

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO