CVE-2021-3422
Indexer denial-of-service via malformed S2S request
Public Exploits: 0
Descriptions
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium.
Timeline
- 2021-03-03 CVE Reserved
- 2022-03-25 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-29 EPSS Updated
CWE
- CWE-20: Improper Input Validation
- CWE-125: Out-of-bounds Read
References (2)
URL | Tag | Date |
---|---|---|
https://claroty.com/2022/03/24/blog-research-locking-down-splunk-enterprise-indexers-and-forwarders | Third Party Advisory | |
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0301.html | | 2022-04-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Splunk | Splunk | < 7.3.9 | enterprise | Affected |
Splunk | Splunk | >= 8.0 < 8.0.9 | enterprise | Affected |
Splunk | Splunk | >= 8.1 < 8.1.3 | enterprise | Affected |