CVE-2022-32153Improper Validation of Certificate with Host Mismatch in INC Splunk Cloud Platform

CWE-297Improper Validation of Certificate with Host MismatchCWE-295Improper Certificate Validation3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.3%
top 47.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Splunk INC Splunk Cloud PlatformSplunk INC Splunk EnterpriseSplunk+1 more
Timeline
PublishedJun 15
Latest updateJun 16

Description

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk En

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

CVEListV5splunk_inc/splunk_enterprise9.09.0
CVEListV5splunk_inc/splunk_cloud_platform8.28.2.2203
NVDsplunk/splunk< 9.0

🔴Vulnerability Details

2
GHSA
GHSA-3vq3-mvhh-hjcp: Splunk Enterprise peers in Splunk Enterprise versions before 92022-06-16
CVEList
Splunk Enterprise lacked TLS host name validation2022-06-15
CVE-2022-32153 — HIGH severity | cvebase