Vulnerability Description
Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kzsoftware | Asset Manager | <= 1.0.1188.0 |
| Kzsoftware | Training Manager | <= 1.0.1230.0 |
Related Weaknesses (CWE)
References
- https://github.com/GitHubAssessments/CVE_Assessment_03_2018/blob/master/Kaizen_RExploitThird Party Advisory
- https://github.com/GitHubAssessments/CVE_Assessment_03_2018/blob/master/Kaizen_RExploitThird Party Advisory
FAQ
What is CVE-2018-16545?
CVE-2018-16545 is a vulnerability with a CVSS score of 7.8 (HIGH). Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic...
How severe is CVE-2018-16545?
CVE-2018-16545 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16545?
Check the references section above for vendor advisories and patch information. Affected products include: Kzsoftware Asset Manager, Kzsoftware Training Manager.