EIQ-2018-0007#

ID

EIQ-2018-0007

(Former ref.: 1801-08)

CVE

-

Description

Secure connection verification is always on with some plug-ins

Date

-

Severity

1 - LOW

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

✅ 2.3.1 (partially)

✅ 2.3.4 (completely)

Assessment

The platform extensions Splunk and Pan-OS were not verifying HTTPs certificates when communicating with security controls.

A fix for Splunk was released with EclecticIQ Platform 2.3.1.

A fix for PAN-OS was released at the end of March 2019, just before EclecticIQ Platform 2.3.4.

Mitigation

-

Affected versions

Platform instances using the Splunk sightings enricher before EclecticIQ Platform 2.3.1.

Platform instances using PanOS instrumentation before EclecticIQ Platform 2.3.4.

Notes

The connection between security controls and TIP is the under control of the user, the probability of a system being affected is low.

An adversary would need access to the local network to exploit this successfully.