Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL
CVE-2023-40596

7HIGH

Key Information:

Vendor: Splunk
Status: Splunk Enterprise
Vendor: CVE Published:; 30 August 2023

Summary

A vulnerability in Splunk Enterprise allows attackers to exploit insecure path referencing in dynamic link libraries (DLLs) included with the software. This flaw permits the installation of malicious code, leading to potential privilege escalation on the Windows operating system. It affects users running versions prior to 8.2.12, 9.0.6, and 9.1.1, highlighting the importance of updating to secure versions to mitigate risks associated with this issue.

Affected Version(s)

Splunk Enterprise 8.2 < 8.2.12

Splunk Enterprise 9.0 < 9.0.6

Splunk Enterprise 9.1 < 9.1.1

References

https://advisory.splunk.com/advisories/SVD-2023-0805

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2023
Vulnerability Reserved
Aug 16, 2023

Credit

Will Dormann, Vul Labs