CVE-2023-40596

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 8.2.12 Splunk Enterprise versions prior to 9.0.6 Splunk Enterprise versions prior to 9.1.1

Description The issue is related to the incorrect initialization of a resource when handling the OPENSSLDIR value in the Splunk Web interface of Splunk Enterprise on Windows. This can be exploited by an attacker to execute arbitrary code and escalate privileges. An attacker can abuse the insecure path reference for the OPENSSLDIR build definition in a dynamic link library (DLL) that ships with Splunk Enterprise, allowing them to install malicious code and achieve privilege escalation on the Windows machine.

Recommendations For versions prior to 8.2.12, update to version 8.2.12 or later. For versions prior to 9.0.6, update to version 9.0.6 or later. For versions prior to 9.1.1, update to version 9.1.1 or later.