VYPR
Unrated severityNVD Advisory· Published Aug 30, 2023· Updated Feb 28, 2025

Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL

CVE-2023-40596

Description

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Splunk/Splunk Enterprisellm-fuzzy2 versions
    earlier than 8.2.12, 9.0.6, and 9.1.1+ 1 more
    • (no CPE)range: earlier than 8.2.12, 9.0.6, and 9.1.1
    • (no CPE)range: 8.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.