Splunk Non-root Configuration Local Privilege Escalation

high Nessus Plugin ID 104498

Synopsis

Checks Splunk configuration on the host for a local privilege escalation vulnerability.

Description

The Splunk install detected on the remote host is vulnerable to a non-root configuration local privilege escalation vulnerability. Please refer the vendor advisory for remediation actions.

Solution

Apply the appropriate configuration changes listed in the vendor advisory.

See Also

https://www.splunk.com/view/SP-CAAAP3M

Plugin Details

Severity: High

ID: 104498

File Name: splunk_local_priv_escl.nasl

Version: 1.11

Type: local

Agent: unix

Family: Misc.

Published: 11/10/2017

Updated: 6/29/2022

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Rationale: Score was calculated by vendor.

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:splunk:splunk

Required KB Items: Host/local_checks_enabled, Host/uname

Patch Publication Date: 10/27/2017

Vulnerability Publication Date: 10/27/2017

Reference Information

BID: 101664

IAVB: 2017-B-0150-S