CVE-2022-32151

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation	Vendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates	Release Notes Vendor Advisory
https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/	Mitigation Vendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

No history.

Information

Published : 2022-06-15 17:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-32151

Mitre link : CVE-2022-32151

CVE.ORG link : CVE-2022-32151

JSON object : View

Products Affected

splunk

splunk
splunk_cloud_platform

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2022-32151", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2022-06-15T17:15:08.810", "references": [{"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", "tags": ["Release Notes", "Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/", "tags": ["Mitigation", "Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."}, {"lang": "es", "value": "Las bibliotecas de Python httplib y urllib que Splunk envi\u00f3 con Splunk Enterprise no comprueban los certificados usando los almacenes de certificados de la autoridad de certificaci\u00f3n (CA) de forma predeterminada en Splunk Enterprise versiones anteriores a 9.0 y Splunk Cloud Platform versiones anteriores a 8.2.2203. Las bibliotecas de cliente de Python 3 ahora verifican los certificados del servidor por defecto y usan los almacenes de certificados de CA apropiados para cada biblioteca. Las aplicaciones y complementos que incluyen sus propias bibliotecas HTTP no est\u00e1n afectadas. Para Splunk Enterprise, actualice a versi\u00f3n 9.0 de Splunk Enterprise y configure la comprobaci\u00f3n del nombre de host TLS para las comunicaciones de Splunk a Splunk (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) para habilitar la correcci\u00f3n"}], "lastModified": "2022-06-24T01:24:08.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", "versionEndExcluding": "9.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B97CD36E-7ABF-4A2C-B844-D6C5CBBE673E", "versionEndExcluding": "8.2.2203"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}