ID
VAR-E-201608-0103
EDB ID
40323
TITLE
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation - Windows local Exploit
Trust: 0.6
DESCRIPTION
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation.. local exploit for Windows platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | zkteco | model: | zkaccess professional | scope: | eq | version: | 3.5.3 | Trust: 2.1 |
EXPLOIT
ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
Product web page: http://www.zkteco.com
Affected version: 3.5.3 (Build 0005)
Summary: ZKAccess 3.5 is a desktop software which is suitable
for small and medium businesses application. Compatible with
all ZKAccess standalone reader controllers, the software can
simultaneously manage access control and generate attendance
report. The brand new flat GUI design and humanized structure
of new ZKAccess 3.5 will make your daily management more pleasant
and convenient.
Desc: ZKAccess suffers from an elevation of privileges vulnerability
which can be used by a simple authenticated user that can change the
executable file with a binary of choice. The vulnerability exist due
to the improper permissions, with the 'M' flag (Modify) for 'Authenticated Users'
group.
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
Microsoft Windows 7 Professional SP1 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2016-5361
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php
18.07.2016
--
C:\ZKTeco>icacls ZKAccess3.5
ZKAccess3.5 BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
Successfully processed 1 files; Failed processing 0 files
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Insecure File Permissions Privilege Escalation
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
CREDITS
LiquidWorm
Trust: 0.6
EXTERNAL IDS
| db: | ZSL | id: | ZSL-2016-5361 | Trust: 2.7 |
| db: | EXPLOIT-DB | id: | 40323 | Trust: 1.6 |
| db: | EDBNET | id: | 87575 | Trust: 0.6 |
| db: | EDBNET | id: | 87585 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 138566 | Trust: 0.5 |
REFERENCES
| url: | http://www.zeroscience.mk/en/vulnerabilities/zsl-2016-5361.php | Trust: 1.0 |
| url: | https://www.intelligentexploit.com | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/40323/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 138566 |
| db: | EXPLOIT-DB | id: | 40323 |
| db: | EDBNET | id: | 87575 |
| db: | EDBNET | id: | 87585 |
LAST UPDATE DATE
2022-07-27T09:37:41.776000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 138566 | date: | 2016-08-31T14:20:31 |
| db: | EXPLOIT-DB | id: | 40323 | date: | 2016-08-31T00:00:00 |
| db: | EDBNET | id: | 87575 | date: | 2016-08-31T00:00:00 |
| db: | EDBNET | id: | 87585 | date: | 2016-08-31T00:00:00 |