CVE-2018-5457

CVE Database · CVE-2018-5457

CVE-2018-5457

· N/AModified

CVSS v3.1

N/A

EPSS

0.37%

Published

Feb 6, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.

Weaknesses (CWE)

CWE-427CWE-427

Affected Products (2)

vyaire · carefusion_upgrade_utilityvulnerable

microsoft · windows_xp

References (4)

http://www.securityfocus.com/bid/102983

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/102983

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01

Third Party AdvisoryUS Government Resource

KEV Catalog EPSS Scores Vendors All CVEs