August Advisory Update
Customers are at the center of everything we do at Splunk and security is our top priority. As we work to refine our security advisory process, feedback from customers is key. To create the best possible customer experience, we...
SVD-2022-0608: Splunk Enterprise deployment servers allow client publishing of forwarder bundles
Splunk Enterprise deployment servers in versions before 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a universal forwarder endpoint could use the vulnerability to execute arbitrary code on all...
SVD-2022-0601: Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python...
SVD-2022-0603: Splunk Enterprise lacked TLS host name certificate validation
Communications between Splunk nodes and trusted hosts lacked TLS certificate host name validation in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. The vulnerability requires compromising a valid certificate within the Splunk certificate authority (CA)...
SVD-2022-0602: Splunk Enterprise lacked TLS certificate validation for Splunk-to-Splunk communication by default
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However,...
SVD-2022-0604: Risky commands warnings in Splunk Enterprise dashboards
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands...
SVD-2022-0605: Universal Forwarder management services allows remote login by default
In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to...
SVD-2022-0606: Splunk Enterprise and Universal Forwarder CLI connections lacked TLS certificate validation
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. Splunk peer communications configured properly with valid certificates were not...
SVD-2022-0607: Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles.
SVD-2022-0506: Path Traversal in search parameter results in external content injection
The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.
SVD-2022-0502: Username enumeration through lockout message in REST API
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
SVD-2022-0501: Local privilege escalation via a default path in Splunk Enterprise Windows
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. The vulnerability impacts Splunk Enterprise Windows versions 8.1.1 and earlier....
SVD-2022-0503: S2S TcpToken authentication bypass
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact...
SVD-2022-0504: Bypass of Splunk Enterprise's implementation of DUO MFA
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or...
SVD-2022-0505: Reflected XSS in a query parameter of the Monitoring Console
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. T
Phishers who breached Twilio and fooled Cloudflare could easily get you, too
Enlarge (credit: Getty Images)
At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Microsoft Patch Tuesday, August 2022 Edition
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....
One of 5G's Biggest Features Is a Security Minefield
New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …
