Wednesday, August 10, 2022
Splunk

August Advisory Update

Customers are at the center of everything we do at Splunk and security is our top priority. As we work to refine our security advisory process, feedback from customers is key. To create the best possible customer experience, we...
Splunk

SVD-2022-0608: Splunk Enterprise deployment servers allow client publishing of forwarder bundles

Splunk Enterprise deployment servers in versions before 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a universal forwarder endpoint could use the vulnerability to execute arbitrary code on all...
Splunk

SVD-2022-0601: Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python...
Splunk

SVD-2022-0603: Splunk Enterprise lacked TLS host name certificate validation

Communications between Splunk nodes and trusted hosts lacked TLS certificate host name validation in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. The vulnerability requires compromising a valid certificate within the Splunk certificate authority (CA)...
Splunk

SVD-2022-0602: Splunk Enterprise lacked TLS certificate validation for Splunk-to-Splunk communication by default

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However,...
Splunk

SVD-2022-0604: Risky commands warnings in Splunk Enterprise dashboards

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands...
Splunk

SVD-2022-0605: Universal Forwarder management services allows remote login by default

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to...
Splunk

SVD-2022-0606: Splunk Enterprise and Universal Forwarder CLI connections lacked TLS certificate validation

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. Splunk peer communications configured properly with valid certificates were not...
Splunk

SVD-2022-0607: Splunk Enterprise deployment servers allow unauthenticated forwarder bundle downloads

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles.
Splunk

SVD-2022-0506: Path Traversal in search parameter results in external content injection

The lack of sanitization of a relative URL path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.
Splunk

SVD-2022-0502: Username enumeration through lockout message in REST API

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
Splunk

SVD-2022-0501: Local privilege escalation via a default path in Splunk Enterprise Windows

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. The vulnerability impacts Splunk Enterprise Windows versions 8.1.1 and earlier....
Splunk

SVD-2022-0503: S2S TcpToken authentication bypass

A crafted request bypasses S2S TCP Token authentication, writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact...
Splunk

SVD-2022-0504: Bypass of Splunk Enterprise's implementation of DUO MFA

A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or...
Splunk

SVD-2022-0505: Reflected XSS in a query parameter of the Monitoring Console

The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. T

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

At least two security-sensitive companies, Twilio and Cloudflare, were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …