CVE-2023-38952

Опубликовано: 03 авг. 2023

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced and any authenticated user can leverage admin functions without restriction by making direct requests to administrative endpoints.

Ссылки

http://zkteco.com
Product
https://claroty.com/team82/disclosure-dashboard/cve-2023-38952
Third Party Advisory
https://github.com/omair2084/biotime-rce-8.5.5/blob/main/biotime_enum.py
https://krashconsulting.com/fury-of-fingers-biotime-rce/
http://zkteco.com
Product
https://claroty.com/team82/disclosure-dashboard/cve-2023-38952
Third Party Advisory
https://sploitus.com/exploit?id=PACKETSTORM:177859

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zkteco:biotime:8.5.5:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.16963

Средний

7.5 High

CVSS3

Дефекты

CWE-552

Связанные уязвимости

GHSA-7xfv-pf6f-p6v2

CVSS3: 7.5

github

больше 2 лет назад

Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.

BDU:2023-04433

CVSS3: 6.3

fstec