CVE-2018-16545

Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterprise Edition) allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assumed the identity of a temporary file (996E.temp).

Published: Sep 5, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-16545
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
kzsoftware / training_manager	-	1.0.1230.0.x
kzsoftware / asset_manager	-	1.0.1188.0.x

https://github.com/GitHubAssessments/CVE_Assessment_03_2018/blob/master/Kaizen_Report.pdf

Vulnerability Database

CVE-2018-16545

Deep Security Visibility Without the Complexity