CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
[
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"version": "8.2",
"status": "affected",
"versionType": "custom",
"lessThan": "8.2.12"
},
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThan": "9.0.6"
},
{
"version": "9.1",
"status": "affected",
"versionType": "custom",
"lessThan": "9.1.1"
}
]
}
]