Vulnerability Description
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vyaire | Carefusion Upgrade Utility | <= 2.0.2.2 |
| Microsoft | Windows Xp | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102983Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/102983Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-5457?
CVE-2018-5457 is a vulnerability with a CVSS score of 7.0 (HIGH). A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vul...
How severe is CVE-2018-5457?
CVE-2018-5457 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5457?
Check the references section above for vendor advisories and patch information. Affected products include: Vyaire Carefusion Upgrade Utility, Microsoft Windows Xp.