CVE-2023-40596 - OpenCVE

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Splunk	Splunk

Configuration 1 [-]

AND

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:9.1.0::::enterprise:::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2023-0805

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2023-08-30T16:19:43.630Z

Updated: 2024-08-12T20:02:03.486Z

Reserved: 2023-08-16T22:07:52.838Z

Link: CVE-2023-40596

Vulnrichment

Updated: 2024-08-02T18:38:50.903Z

NVD

Status : Modified

Published: 2023-08-30T17:15:10.103

Modified: 2024-04-10T01:15:15.983

Link: CVE-2023-40596

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40596", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-08-16T22:07:52.838Z", "datePublished": "2023-08-30T16:19:43.630Z", "dateUpdated": "2024-08-12T20:02:03.486Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "8.2", "status": "affected", "versionType": "custom", "lessThan": "8.2.12"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.6"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine."}], "value": "In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0805"}], "title": "Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL", "datePublic": "2023-08-30T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "baseScore": 7, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "description": "The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.", "cweId": "CWE-665"}]}], "source": {"advisory": "SVD-2023-0805"}, "credits": [{"lang": "en", "value": "Will Dormann, Vul Labs"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-08-12T20:02:03.486Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T19:34:18.026500Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*"], "vendor": "splunk", "product": "splunk", "versions": [{"status": "affected", "version": "8.2", "lessThan": "8.2.12", "versionType": "semver"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.6", "versionType": "semver"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.1", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:19:00.590Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:50.903Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0805", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0805", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:50.903Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T19:34:18.026500Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*"], "vendor": "splunk", "product": "splunk", "versions": [{"status": "affected", "version": "8.2", "lessThan": "8.2.12", "versionType": "semver"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.6", "versionType": "semver"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.1", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-20T19:35:35.323Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL", "source": {"advisory": "SVD-2023-0805"}, "credits": [{"lang": "en", "value": "Will Dormann, Vul Labs"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "8.2", "lessThan": "8.2.12", "versionType": "custom"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.6", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.1", "versionType": "custom"}]}], "datePublic": "2023-08-30T00:00:00.000000", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0805"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "cweId": "CWE-665", "description": "The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-08-12T20:02:03.486Z"}}}, "cveMetadata": {"cveId": "CVE-2023-40596", "state": "PUBLISHED", "dateUpdated": "2024-08-12T20:02:03.486Z", "dateReserved": "2023-08-16T22:07:52.838Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2023-08-30T16:19:43.630Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "21F6F824-393F-424F-85DF-CD3FCB40452F", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "74A23E71-6A34-48A5-8087-B626BED870E0", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:9.1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A4F2BC82-AD4C-4D80-8200-C2371E7C04F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine."}], "id": "CVE-2023-40596", "lastModified": "2024-04-10T01:15:15.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2023-08-30T17:15:10.103", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0805"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-665"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}