Unrated severityNVD Advisory· Published Aug 30, 2023· Updated Feb 28, 2025
Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
CVE-2023-40596
Description
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2earlier than 8.2.12, 9.0.6, and 9.1.1+ 1 more
- (no CPE)range: earlier than 8.2.12, 9.0.6, and 9.1.1
- (no CPE)range: 8.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.