In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
History

Tue, 15 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2023-08-30T16:19:43.630Z

Updated: 2024-12-10T18:00:56.395Z

Reserved: 2023-08-16T22:07:52.838Z

Link: CVE-2023-40596

cve-icon Vulnrichment

Updated: 2024-08-02T18:38:50.903Z

cve-icon NVD

Status : Modified

Published: 2023-08-30T17:15:10.103

Modified: 2024-11-21T08:19:47.540

Link: CVE-2023-40596

cve-icon Redhat

No data.