Vulnerability identifier: #VU66545
Vulnerability risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-295
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Splunk Enterprise
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Vendor: Splunk Inc.
Description
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error, related to usage of the Ingest Actions component via the user interface. When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. As a result, remote attacker can perform Man-in-the-Middle (MitM) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Splunk Enterprise: 9.0.0
External links
http://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.