CVE-2023-32709

low-risk

Published 2023-06-01

In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (2)

Splunk

Splunk Cloud Platform

Affected Vendors

Splunk

References (4)

Vendor Advisory https://advisory.splunk.com/advisories/SVD-2023-0604

Vendor Advisory https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/

Vendor Advisory https://advisory.splunk.com/advisories/SVD-2023-0604

Vendor Advisory https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 7/34 · Low