Detections
Analytics

Splunk Free Detection

high Nessus Plugin ID 49070

Language:

Synopsis

An infrastructure monitoring tool is running on the remote host, and it is protected using default administrator credentials.

Description

Splunk Free is running on the remote host. Splunk Free allows uncredentialed access, and anyone who connects will automatically be logged on as 'admin'. A remote attacker can exploit this to gain administrative access to the application.

Splunk is a search, monitoring, and reporting tool for system administrators.

Solution

Either limit incoming traffic to this port or upgrade to Splunk Enterprise.

See Also

http://www.nessus.org/u?978c0d35

Plugin Details

Severity: High

ID: 49070

File Name: splunk_free_detect.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 9/1/2010

Updated: 5/24/2023

Asset Inventory: true

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:splunk:splunk

Required KB Items: installed_sw/Splunk