In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://advisory.splunk.com/advisories/SVD-2023-0805 |
History
Tue, 15 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2023-08-30T16:19:43.630Z
Updated: 2024-12-10T18:00:56.395Z
Reserved: 2023-08-16T22:07:52.838Z
Link: CVE-2023-40596
Vulnrichment
Updated: 2024-08-02T18:38:50.903Z
NVD
Status : Modified
Published: 2023-08-30T17:15:10.103
Modified: 2024-11-21T08:19:47.540
Link: CVE-2023-40596
Redhat
No data.