ID

VAR-201609-0703


TITLE

ZKTeco ZKAccess Professional 3.5.3 File Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-07217

DESCRIPTION

ZKTeco ZKAccess Professional is an access control management system. ZKTeco ZKAccess Professional 3.5.3 contains a file privilege escalation vulnerability caused by incorrect permissions: the 'M' (Modify) flag is set for the 'Authenticated Users' group. ZKAccess 3.5 is desktop software suitable for small and medium business applications. Compatible with all ZKAccess standalone reader controllers, the software can simultaneously manage access control and generate attendance reports. The brand new flat GUI design and humanized structure of the new ZKAccess 3.5 will make your daily management more pleasant and convenient. ZKAccess suffers from an elevation of privileges vulnerability that allows a simple authenticated user to replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) set for the 'Authenticated Users' group. Tested on: Microsoft Windows 7 Ultimate SP1 (EN), Microsoft Windows 7 Professional SP1 (EN).

Trust: 0.63

sources: CNVD: CNVD-2016-07217 // ZSL: ZSL-2016-5361

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07217

AFFECTED PRODUCTS

vendor: zkteco, model: zkaccess professional, scope: eq, version: 3.5.3

Trust: 0.6

vendor: zkteco, model: zkaccess professional, scope: eq, version: 3.5.3 (build 0005)

Trust: 0.1

sources: ZSL: ZSL-2016-5361 // CNVD: CNVD-2016-07217

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-07217
value: MEDIUM

Trust: 0.6

ZSL: ZSL-2016-5361
value: (2/5)

Trust: 0.1

CNVD: CNVD-2016-07217
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: ZSL: ZSL-2016-5361 // CNVD: CNVD-2016-07217

TYPE

Local,Privilege Escalation

Trust: 0.1

sources: ZSL: ZSL-2016-5361

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2016-5361

EXTERNAL IDS

db: EXPLOIT-DB, id: 40323

Trust: 0.7

db: CNVD, id: CNVD-2016-07217

Trust: 0.6

db: CXSECURITY, id: WLB-2016080265

Trust: 0.1

db: PACKETSTORM, id: 138566

Trust: 0.1

db: ZSL, id: ZSL-2016-5361

Trust: 0.1

sources: ZSL: ZSL-2016-5361 // CNVD: CNVD-2016-07217

REFERENCES

url: https://www.exploit-db.com/exploits/40323/

Trust: 0.7

url: https://cxsecurity.com/issue/wlb-2016080265

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/116486

Trust: 0.1

url: https://packetstormsecurity.com/files/138566

Trust: 0.1

sources: ZSL: ZSL-2016-5361 // CNVD: CNVD-2016-07217

CREDITS

Vulnerability discovered by Gjoko Krstic

Trust: 0.1

sources: ZSL: ZSL-2016-5361

SOURCES

db: ZSL, id: ZSL-2016-5361
db: CNVD, id: CNVD-2016-07217

LAST UPDATE DATE

2022-10-19T22:14:36.166000+00:00


SOURCES UPDATE DATE

db: ZSL, id: ZSL-2016-5361, date: 2016-09-26T00:00:00
db: CNVD, id: CNVD-2016-07217, date: 2016-09-05T00:00:00

SOURCES RELEASE DATE

db: ZSL, id: ZSL-2016-5361, date: 2016-08-30T00:00:00
db: CNVD, id: CNVD-2016-07217, date: 2016-09-05T00:00:00