Unrated severity · NVD Advisory · Published Sep 26, 2018 · Updated Aug 5, 2024

CVE-2018-17538

Description

Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Axon Evidence Sync 3.15.89 is vulnerable to process injection, potentially allowing an attacker to execute arbitrary code with higher privileges.

Vulnerability

Axon (formerly TASER International) Evidence Sync version 3.15.89 is vulnerable to process injection [1][2]. The vulnerability exists due to insufficient verification of process integrity, allowing a malicious actor to inject code into a running process [1]. The affected version is specifically 3.15.89 [1][2].

Exploitation

An attacker with local system access or the ability to run code on the same machine can exploit this vulnerability [1]. The attacker would need to inject code into the running Evidence Sync process, potentially by modifying the executable before it is launched or by using a separate process to perform the injection [1]. No user interaction beyond normal operation of the software is required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code within the context of the Evidence Sync process [1]. This could lead to privilege escalation, as the process may run with higher privileges than the attacker, or to data tampering and denial of service by corrupting the evidence review and sync functionality [1][2]. The full impact is limited by the specific privileges of the target process [1].

Mitigation

As of the publication date (2018-09-26), no official patch or mitigation from Axon has been identified [1]. The vendor disputes the vulnerability classification (see Description), making a patch unlikely. As a workaround, organizations using Evidence Sync version 3.15.89 should restrict local access to trusted users and monitor for unauthorized process injection attempts [1]. No fixed version and no KEV listing for this CVE have been reported.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.
