CVE-2022-32156 — HIGH (8.1)

Q: How severe is CVE-2022-32156?

CVE-2022-32156 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-32156?

Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk, Splunk Universal Forwarder.

Vulnerability Description

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affect the Splunk Cloud Platform. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties. The issue requires conditions beyond the control of a potential bad actor such as a machine-in-the-middle attack. Hence, Splunk rates the complexity of the attack as High.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Splunk	Splunk	< 9.0
Splunk	Universal Forwarder	< 9.0

Related Weaknesses (CWE)

CWE-295

References

https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnamMitigationVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease NotesVendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0606.htmlVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnamMitigationVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease NotesVendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0606.htmlVendor Advisory

FAQ

What is CVE-2022-32156?

CVE-2022-32156 is a vulnerability with a CVSS score of 8.1 (HIGH). In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by def...

How severe is CVE-2022-32156?

CVE-2022-32156 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-32156?

Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk, Splunk Universal Forwarder.