PT-2022-21125 · Splunk · Splunk Cloud Platform+2
Chris Green · Published 2022-06-14 · Updated 2026-02-25 · CVE-2022-32156
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise and Universal Forwarder versions prior to 9.0
Description
The issue is related to the Splunk command-line interface (CLI) not validating TLS certificates while connecting to a remote Splunk platform instance by default. This requires conditions beyond the control of a potential bad actor, such as a machine-in-the-middle attack, and is rated as a High complexity attack. There is no evidence of exploitation of this issue by external parties at the time of publishing. The Splunk Cloud Platform is not affected.
Recommendations
For Splunk Enterprise and Universal Forwarder versions prior to 9.0, update to version 9.0 and enable TLS host name validation for the Splunk CLI by configuring the settings described in the Splunk documentation.
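A check for the recommendation above, as an added example that is not part of the original advisory and not Splunk's own code: it merges the [sslConfig] stanza from layered server.conf texts and reports whether CLI host name validation is enabled. The setting names cliVerifyServerName and sslRootCAPath come from Splunk's 9.0 server.conf documentation rather than from this page; the sample layers, the CA path and the set of accepted truthy values are constructed assumptions.

```python
"""Audit server.conf text for Splunk CLI TLS host name validation."""

TRUE_VALUES = {"true", "1"}  # assumption: values treated as "enabled"


def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas


def audit_cli_tls(conf_layers):
    """conf_layers: server.conf texts, lowest precedence first.

    Returns a list of findings; an empty list means the merged
    [sslConfig] stanza turns on CLI host name validation.
    """
    merged = {}
    for text in conf_layers:
        # Later (higher-precedence) layers override earlier ones.
        merged.update(parse_conf(text).get("sslConfig", {}))
    findings = []
    if merged.get("cliVerifyServerName", "").lower() not in TRUE_VALUES:
        findings.append("cliVerifyServerName is not enabled")
    if not merged.get("sslRootCAPath"):
        findings.append("sslRootCAPath is not set")
    return findings


# Constructed sample layers (not taken from a real deployment).
DEFAULT_LAYER = "[sslConfig]\nenableSplunkdSSL = true\n"
LOCAL_WEAK = "# local override\n[sslConfig]\ncliVerifyServerName = false\n"
LOCAL_FIXED = ("[sslConfig]\n"
               "sslRootCAPath = /opt/splunk/etc/auth/example-ca.pem\n"
               "cliVerifyServerName = true\n")

if __name__ == "__main__":
    for name, local in (("weak", LOCAL_WEAK), ("fixed", LOCAL_FIXED)):
        print(name, audit_cli_tls([DEFAULT_LAYER, local]) or "OK")
```

On a real host the effective configuration is layered across several directories, so feed the function the files in precedence order or the merged output of the instance's own configuration tooling.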
Fix
Improper Certificate Validation
Affected Products
Splunk Cloud Platform
Splunk Enterprise
Universal Forwarder