
Bypass of Splunk Enterprise's implementation of DUO MFA

Advisory ID: SVD-2022-0504

Published: 2022-05-03

CVSSv3.1 Score: 8.1, High

CWE: CWE-287

CVE ID: CVE-2021-26253

Last Update: 2022-05-03

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Description

A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. For more information on securing Splunk Enterprise logins with DUO MFA, see About Multi Factor Auth

 

Solution

Upgrade Splunk Enterprise instances using DUO MFA to 8.1.6 or later.

 

Product Status

| Product | Version | Affected Versions | Fix Version |
| --- | --- | --- | --- |
| Splunk Enterprise | 8.2 | - | 8.2.0 |
| Splunk Enterprise | 8.1 | 8.1.5 and earlier | 8.1.6 |

The vulnerability does not impact Splunk Cloud Platform instances.

 

Acknowledgments

Sanket Bhimani