CVE-2022-43567
Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app.
En las versiones de Splunk Enterprise inferiores a 8.2.9, 8.1.12 y 9.0.2, un usuario autenticado puede ejecutar comandos arbitrarios del sistema operativo de forma remota mediante el uso de solicitudes especialmente manipuladas para la función de alertas móviles en la aplicación Splunk Secure Gateway.
*Credits:
Danylo Dmytriiev (DDV_UA)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-20 CVE Reserved
- 2022-11-04 CVE Published
- 2024-05-27 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://research.splunk.com/application/baa41f09-df48-4375-8991-520beea161be | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.splunk.com/en_us/product-security/announcements/svd-2022-1107.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Splunk Search vendor "Splunk" | Splunk Search vendor "Splunk" for product "Splunk" | >= 8.1.0 < 8.1.12 Search vendor "Splunk" for product "Splunk" and version " >= 8.1.0 < 8.1.12" | enterprise |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Splunk Search vendor "Splunk" for product "Splunk" | >= 8.2.0 < 8.2.9 Search vendor "Splunk" for product "Splunk" and version " >= 8.2.0 < 8.2.9" | enterprise |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Splunk Search vendor "Splunk" for product "Splunk" | >= 9.0.0 < 9.0.2 Search vendor "Splunk" for product "Splunk" and version " >= 9.0.0 < 9.0.2" | enterprise |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Splunk Cloud Platform Search vendor "Splunk" for product "Splunk Cloud Platform" | < 9.0.2205 Search vendor "Splunk" for product "Splunk Cloud Platform" and version " < 9.0.2205" | - |
Affected
| ||||||