Unrated severity · NVD Advisory · Published Mar 25, 2022 · Updated Aug 3, 2024
Indexer denial-of-service via malformed S2S request
CVE-2021-3422
Description
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium.
Affected products
- (no CPE) range: <7.3.9, <8.0.9, <8.1.3
- (no CPE) range: 8.2 version(s) before 8.2.0
References
- claroty.com/2022/03/24/blog-research-locking-down-splunk-enterprise-indexers-and-forwarders/ (mitre, x_refsource_MISC)
- www.splunk.com/en_us/product-security/announcements/svd-2022-0301.html (mitre, x_refsource_MISC)