CVE-2018-16545
Last modified
CVE-2018-16545 is a vulnerability of currently unknown severity. Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp).. EPSS estimates a 1.70% chance of exploitation in the next 30 days.
Description
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kzsoftware | Asset Manager | <= 1.0.1188.0 |
| Kzsoftware | Training Manager | <= 1.0.1230.0 |
References
- https://github.com/GitHubAssessments/CVE_Assessment_03_2018/blob/master/Kaizen_Report.pdfExploit, Third Party Advisory
- https://github.com/GitHubAssessments/CVE_Assessment_03_2018/blob/master/Kaizen_Report.pdfExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-16545?
How severe is CVE-2018-16545?
How do I fix CVE-2018-16545?
Are you affected by CVE-2018-16545?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST