CVE-2021-26253
Last modified
CVE-2021-26253 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. EPSS estimates a 0.75% chance of exploitation in the next 30 days.
Description
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | >= 8.1.0, < 8.1.6 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
