admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-40596.md

19 lines
1.0 KiB
Markdown
Raw Permalink Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-40596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40596)
![](https://img.shields.io/static/v1?label=Product&message=Splunk%20Enterprise&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=8.2%3C%208.2.12%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20software%20does%20not%20initialize%20or%20incorrectly%20initializes%20a%20resource%2C%20which%20might%20leave%20the%20resource%20in%20an%20unexpected%20state%20when%20it%20is%20accessed%20or%20used.&color=brighgreen)
### Description
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink