Описание
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-38952
- https://claroty.com/team82/disclosure-dashboard/cve-2023-38952
- https://github.com/omair2084/biotime-rce-8.5.5/blob/main/biotime_enum.py
- https://krashconsulting.com/fury-of-fingers-biotime-rce
- https://sploitus.com/exploit?id=PACKETSTORM:177859
- http://zkteco.com
Связанные уязвимости
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced and any authenticated user can leverage admin functions without restriction by making direct requests to administrative endpoints.
Уязвимость веб-платформы управления учетом рабочего времени BioTime, связанная с недостатками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации