CVE-2021-42743 - Vulnerability Details

Vendors	Products
Microsoft	Windows
Splunk	Splunk

Link	Providers
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"status": "affected", "version": "8.1 version(s) before 8.1.1"}]}], "credits": [{"lang": "en", "value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"}], "descriptions": [{"lang": "en", "value": "A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-06T16:36:35", "orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"}], "source": {"advisory": "SVD-2022-0501", "discovery": "EXTERNAL"}, "title": "Local privilege escalation via a default path in Splunk Enterprise Windows", "x_generator": {"engine": "advisoriator"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "prodsec@splunk.com", "ID": "CVE-2021-42743", "STATE": "PUBLIC", "TITLE": "Local privilege escalation via a default path in Splunk Enterprise Windows"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Splunk Enterprise", "version": {"version_data": [{"version_value": "8.1 version(s) before 8.1.1"}]}}]}, "vendor_name": "Splunk"}]}}, "credit": [{"lang": "eng", "value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows."}]}, "generator": {"engine": "advisoriator"}, "impact": {"cvss": {"baseScore": "8.8", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427"}]}]}, "references": {"reference_data": [{"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html", "refsource": "MISC", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"}]}, "source": {"advisory": "SVD-2022-0501", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:38:50.215Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"}]}]}, "cveMetadata": {"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "assignerShortName": "Splunk", "cveId": "CVE-2021-42743", "datePublished": "2022-05-06T16:36:35", "dateReserved": "2021-11-03T00:00:00", "dateUpdated": "2024-08-04T03:38:50.215Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Splunk Enterprise (string)

vendor : Splunk (string)

versions : [ »

0 : { »

status : affected (string)

version : 8.1 version(s) before 8.1.1 (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : Ilias Dimopoulos of RedyOps Research Labs (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-427 (string)

description : CWE-427 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-05-06T16:36:35 (string)

orgId : 42b59230-ec95-491e-8425-5a5befa1a469 (string)

shortName : Splunk (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html (string)

}

]

source : { »

advisory : SVD-2022-0501 (string)

discovery : EXTERNAL (string)

}

title : Local privilege escalation via a default path in Splunk Enterprise Windows (string)

x_generator : { »

engine : advisoriator (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : prodsec@splunk.com (string)

ID : CVE-2021-42743 (string)

STATE : PUBLIC (string)

TITLE : Local privilege escalation via a default path in Splunk Enterprise Windows (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Splunk Enterprise (string)

version : { »

version_data : [ »

0 : { »

version_value : 8.1 version(s) before 8.1.1 (string)

}

]

}

]

}

vendor_name : Splunk (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : Ilias Dimopoulos of RedyOps Research Labs (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. (string)

}

]

}

generator : { »

engine : advisoriator (string)

}

impact : { »

cvss : { »

baseScore : 8.8 (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-427 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html (string)

refsource : MISC (string)

url : https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html (string)

}

]

}

source : { »

advisory : SVD-2022-0501 (string)

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T03:38:50.215Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 42b59230-ec95-491e-8425-5a5befa1a469 (string)

assignerShortName : Splunk (string)

cveId : CVE-2021-42743 (string)

datePublished : 2022-05-06T16:36:35 (string)

dateReserved : 2021-11-03T00:00:00 (string)

dateUpdated : 2024-08-04T03:38:50.215Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C71160B4-491E-4899-9C12-0DA644F2494E", "versionEndExcluding": "8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows."}, {"lang": "es", "value": "Una configuraci\u00f3n err\u00f3nea en la ruta por defecto del nodo permite una escalada de privilegios local de un usuario menos privilegiado al usuario de Splunk en Splunk Enterprise versiones anteriores a 8.1.1 en Windows"}], "id": "CVE-2021-42743", "lastModified": "2024-11-21T06:28:05.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-06T17:15:08.710", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : C71160B4-491E-4899-9C12-0DA644F2494E (string)

versionEndExcluding : 8.1.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. (string)

}

1 : { »

lang : es (string)

value : Una configuración errónea en la ruta por defecto del nodo permite una escalada de privilegios local de un usuario menos privilegiado al usuario de Splunk en Splunk Enterprise versiones anteriores a 8.1.1 en Windows (string)

}

]

id : CVE-2021-42743 (string)

lastModified : 2024-11-21T06:28:05.000 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2 (number)

impactScore : 6 (number)

source : prodsec@splunk.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-05-06T17:15:08.710 (string)

references : [ »

0 : { »

source : prodsec@splunk.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html (string)

}

]

sourceIdentifier : prodsec@splunk.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-427 (string)

}

]

source : prodsec@splunk.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-427 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object