Splunk Universal Forwarder
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*
- < 9.4.2
- < 9.3.4
- < 9.2.6
- < 9.1.9
A vulnerability exists in Splunk Universal Forwarder for Windows in versions prior to 9.4.2, 9.3.4, 9.2.6, and 9.1.9. During a new installation or an upgrade to an affected version, incorrect permissions can be assigned in the default installation directory. This misconfiguration allows non-administrator users to access the directory and its contents.
The vulnerability allows non-administrator users to access the Universal Forwarder installation directory and all its contents, potentially leading to unauthorized data access or modification.
Users can upgrade Splunk Universal Forwarder for Windows to versions 9.4.2, 9.3.4, 9.2.6, 9.1.9, or higher. If an upgrade is not possible, the vulnerability can be mitigated by running a command to remove group permissions for non-administrator users from the installation directory. This command can be executed as a Windows system administrator using Command Prompt or PowerShell.
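To check whether a given host is exposed, the following PowerShell audit lists Allow entries on the installation directory that are granted to broad non-administrator principals. It is an added example, not code from Splunk or from this advisory. The installation path is supplied by the operator, and the choice of three well-known SIDs (Users, Authenticated Users, Everyone) is an assumption of the example.

```powershell
# Added example: audit a Universal Forwarder installation directory for ACL entries
# granted to broad, non-administrator principals. Run from an elevated PowerShell.
param(
    [Parameter(Mandatory)]
    [string]$InstallDir   # operator-supplied: the forwarder's installation directory on this host
)

# Well-known SIDs this example treats as "non-administrator" (an assumption, extend as needed).
$broadSids = @{
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}

function Get-BroadAccessRule {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            # Compare by SID so localized or renamed group names still match.
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # orphaned or unresolvable account
        if ($broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(
    # Every matching entry on the directory itself, inherited or explicit.
    Get-BroadAccessRule -Path $InstallDir
    # Below it, only explicit entries: inherited ones repeat the parent finding.
    Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-BroadAccessRule -Path $_.FullName } |
        Where-Object { -not $_.Inherited }
)

if ($findings.Count -eq 0) {
    Write-Output "No Allow entries for Users, Authenticated Users or Everyone under $InstallDir"
} else {
    $findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
}
```

Run it before and after upgrading or applying the mitigation command; an empty result afterwards means none of the three principals retains an Allow entry on the directory or an explicit one beneath it.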