Local privilege escalation via a default path in Splunk Enterprise Windows

Advisory ID: SVD-2022-0501

Published: 2022-05-03

CVSSv3.1 Score: 8.8, High

CWE: CWE-427

CVE ID: CVE-2021-42743

Last Update: 2022-05-03

CVSSv3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

 

Description

A misconfiguration in the node default path allows local privilege escalation from a lower-privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.

 

Solution

Upgrade Splunk Enterprise on Windows to version 8.1.1 or later.

 

Product Status

Product | Version | Affected Versions | Fix Version
Splunk Enterprise | 8.2 | - | 8.2.0
Splunk Enterprise | 8.1 | 8.1.0 and earlier | 8.1.1

The vulnerability does not impact Splunk Cloud Platform instances.

 

Acknowledgments

Ilias Dimopoulos of RedyOps Research Labs