Login Sign Up

CVE-2018-17538

9.8 CRITICAL

📋 TL;DR

CVE-2018-17538 is a process injection vulnerability in Axon Evidence Sync 3.15.89 that allows attackers to execute arbitrary code with elevated privileges. This affects organizations using Axon's evidence management software for law enforcement and security operations. The vendor disputes the vulnerability's validity, but the CVSS score suggests critical impact.

💻 Affected Systems

Products:
  • Axon Evidence Sync
Versions: 3.15.89
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor disputes vulnerability existence. Affects law enforcement evidence management systems.

📦 What is this software?

Evidence Sync by Axon

View all CVEs affecting Evidence Sync →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary code with high privileges, potentially leading to data theft, evidence tampering, or lateral movement within law enforcement networks.

🟠

Likely Case

Local privilege escalation or unauthorized code execution on affected systems, compromising evidence integrity and system security.

🟢

If Mitigated

Limited impact if systems are isolated, have strict access controls, and run with minimal privileges.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Limited public information due to vendor dispute. Likely requires local access or initial foothold.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor disputes vulnerability

Restart Required: No

Instructions:

Contact Axon support for guidance. Consider upgrading to latest version if available.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit user access to systems running Evidence Sync to authorized personnel only

Network Segmentation

all

Isolate Evidence Sync systems from general network access

🧯 If You Can't Patch

  • Implement strict access controls and least privilege principles
  • Monitor systems for unusual process activity and network connections

🔍 How to Verify

Check if Vulnerable:

Check Evidence Sync version in application interface or installation directory

Check Version:

Check application GUI or installation properties

Verify Fix Applied:

Verify version is newer than 3.15.89 or contact vendor for confirmation

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation events
  • Unexpected service or application behavior

Network Indicators:

  • Unexpected outbound connections from Evidence Sync process

SIEM Query:

Process creation where parent process contains 'Evidence Sync' and child process is unexpected

📊 Metadata

CVE ID: CVE-2018-17538
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: September 26, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON