Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by vyaire
VAR-201802-1046
Vulnerability from variot - Updated: 2023-12-18 13:43A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application. CareFusion Upgrade Utility is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary code with administrative privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "carefusion upgrade utility",
"scope": "lte",
"trust": 1.0,
"vendor": "vyaire",
"version": "2.0.2.2"
},
{
"model": "carefusion upgrade utility",
"scope": "eq",
"trust": 0.9,
"vendor": "vyaire",
"version": "2.0.2.2"
},
{
"model": "carefusion upgrade utility",
"scope": "lte",
"trust": 0.8,
"vendor": "vyaire medical",
"version": "2.0.2.2"
},
{
"model": "medical carefusion upgrade utility",
"scope": "lte",
"trust": 0.6,
"vendor": "vyaire",
"version": "\u003c=2.0.2.2"
},
{
"model": "carefusion upgrade utility",
"scope": "ne",
"trust": 0.3,
"vendor": "vyaire",
"version": "2.0.3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carefusion upgrade utility",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"db": "BID",
"id": "102983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"db": "NVD",
"id": "CVE-2018-5457"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vyaire:carefusion_upgrade_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5457"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mark Cross (@xerubus)",
"sources": [
{
"db": "BID",
"id": "102983"
}
],
"trust": 0.3
},
"cve": "CVE-2018-5457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-5457",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2018-03304",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-5457",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5457",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-03304",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-151",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"db": "NVD",
"id": "CVE-2018-5457"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application. CareFusion Upgrade Utility is prone to a local privilege-escalation vulnerability. \nLocal attackers may exploit this issue to execute arbitrary code with administrative privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5457"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"db": "BID",
"id": "102983"
},
{
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5457",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-01",
"trust": 3.3
},
{
"db": "BID",
"id": "102983",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-03304",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-151",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002233",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E378A2-39AB-11E9-A253-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"db": "BID",
"id": "102983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"db": "NVD",
"id": "CVE-2018-5457"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
]
},
"id": "VAR-201802-1046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03304"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03304"
}
]
},
"last_update_date": "2023-12-18T13:43:49.891000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vyaire.com/"
},
{
"title": "Vyaire Medical CareFusion Upgrade Utility privilege escalation patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/116473"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"db": "NVD",
"id": "CVE-2018-5457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/102983"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5457"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5457"
},
{
"trust": 0.3,
"url": "https://www.vyaire.com/us"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"db": "BID",
"id": "102983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"db": "NVD",
"id": "CVE-2018-5457"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"db": "BID",
"id": "102983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"db": "NVD",
"id": "CVE-2018-5457"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-13T00:00:00",
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
},
{
"date": "2018-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"date": "2018-02-06T00:00:00",
"db": "BID",
"id": "102983"
},
{
"date": "2018-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"date": "2018-02-06T21:29:00.473000",
"db": "NVD",
"id": "CVE-2018-5457"
},
{
"date": "2018-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03304"
},
{
"date": "2018-02-06T00:00:00",
"db": "BID",
"id": "102983"
},
{
"date": "2018-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002233"
},
{
"date": "2019-10-09T23:41:23.797000",
"db": "NVD",
"id": "CVE-2018-5457"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "102983"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vyaire Medical CareFusion Upgrade Utility Vulnerabilities in uncontrolled search path elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e2e378a2-39ab-11e9-a253-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-151"
}
],
"trust": 0.8
}
}
CVE-2018-5457 (GCVE-0-2018-5457)
Vulnerability from cvelistv5 – Published: 2018-02-06 20:00 – Updated: 2024-08-05 05:33
VLAI
Summary
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/102983 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Vyaire Medical CareFusion Upgrade Utility Vulnerability |
Affected:
Vyaire Medical CareFusion Upgrade Utility Vulnerability
|
Date Public
2018-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01"
},
{
"name": "102983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vyaire Medical CareFusion Upgrade Utility Vulnerability",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Vyaire Medical CareFusion Upgrade Utility Vulnerability"
}
]
}
],
"datePublic": "2018-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01"
},
{
"name": "102983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102983"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vyaire Medical CareFusion Upgrade Utility Vulnerability",
"version": {
"version_data": [
{
"version_value": "Vyaire Medical CareFusion Upgrade Utility Vulnerability"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01"
},
{
"name": "102983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102983"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5457",
"datePublished": "2018-02-06T20:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5457 (GCVE-0-2018-5457)
Vulnerability from nvd – Published: 2018-02-06 20:00 – Updated: 2024-08-05 05:33
VLAI
Summary
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/102983 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Vyaire Medical CareFusion Upgrade Utility Vulnerability |
Affected:
Vyaire Medical CareFusion Upgrade Utility Vulnerability
|
Date Public
2018-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01"
},
{
"name": "102983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vyaire Medical CareFusion Upgrade Utility Vulnerability",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Vyaire Medical CareFusion Upgrade Utility Vulnerability"
}
]
}
],
"datePublic": "2018-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-13T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01"
},
{
"name": "102983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102983"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vyaire Medical CareFusion Upgrade Utility Vulnerability",
"version": {
"version_data": [
{
"version_value": "Vyaire Medical CareFusion Upgrade Utility Vulnerability"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01"
},
{
"name": "102983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102983"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5457",
"datePublished": "2018-02-06T20:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}