ID

VAR-201609-0703


CVE

CVE-2016-20025


TITLE

ZKTeco ZKAccess Professional 3.5.3 File Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-07217

DESCRIPTION

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

ZKTeco ZKAccess Professional is an access control management system. The file privilege escalation vulnerability in ZKTeco ZKAccess Professional 3.5.3 is caused by an incorrect permission attribute, the 'M' flag, assigned to authenticated users.

ZKAccess 3.5 is desktop software suitable for small and medium business applications. Compatible with all ZKAccess standalone reader controllers, the software can simultaneously manage access control and generate attendance reports. The brand new flat GUI design and humanized structure of the new ZKAccess 3.5 will make your daily management more pleasant and convenient.

ZKAccess suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user who can change the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) for the 'Authenticated Users' group.

Tested on:
Microsoft Windows 7 Ultimate SP1 (EN)
Microsoft Windows 7 Professional SP1 (EN)

Trust: 1.53

sources: NVD: CVE-2016-20025 // CNVD: CNVD-2016-07217 // ZSL: ZSL-2016-5361

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07217

AFFECTED PRODUCTS

vendor: zkteco, model: zkaccess professional, scope: eq, version: 3.5.3

Trust: 0.6

vendor: zkteco, model: zkaccess professional, scope: eq, version: 3.5.3 (build 0005)

Trust: 0.1

sources: ZSL: ZSL-2016-5361 // CNVD: CNVD-2016-07217

CVSS

SEVERITY

disclosure@vulncheck.com: CVE-2016-20025
value: HIGH

Trust: 1.0

CNVD: CNVD-2016-07217
value: MEDIUM

Trust: 0.6

ZSL: ZSL-2016-5361
value: (2/5)

Trust: 0.1

CVSSV2

CNVD: CNVD-2016-07217
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

disclosure@vulncheck.com: CVE-2016-20025
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: ZSL: ZSL-2016-5361 // CNVD: CNVD-2016-07217 // NVD: CVE-2016-20025

PROBLEMTYPE DATA

problemtype: CWE-552

Trust: 1.0

sources: NVD: CVE-2016-20025

TYPE

Local, Privilege Escalation

Trust: 0.1

sources: ZSL: ZSL-2016-5361

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2016-5361

EXTERNAL IDS

db: EXPLOIT-DB, id: 40323

Trust: 1.7

db: CXSECURITY, id: WLB-2016080265

Trust: 1.1

db: PACKETSTORM, id: 138566

Trust: 1.1

db: ZSL, id: ZSL-2016-5361

Trust: 1.1

db: NVD, id: CVE-2016-20025

Trust: 1.0

db: CNVD, id: CNVD-2016-07217

Trust: 0.6

sources: ZSL: ZSL-2016-5361 // CNVD: CNVD-2016-07217 // NVD: CVE-2016-20025

REFERENCES

url:https://www.exploit-db.com/exploits/40323/

Trust: 1.7

url:https://cxsecurity.com/issue/wlb-2016080265

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/116486

Trust: 1.1

url:https://packetstormsecurity.com/files/138566

Trust: 1.1

url:https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions

Trust: 1.0

url:https://www.zeroscience.mk/en/vulnerabilities/zsl-2016-5361.php

Trust: 1.0

sources: ZSL: ZSL-2016-5361 // CNVD: CNVD-2016-07217 // NVD: CVE-2016-20025

CREDITS

Vulnerability discovered by Gjoko Krstic

Trust: 0.1

sources: ZSL: ZSL-2016-5361

SOURCES

db: ZSL, id: ZSL-2016-5361
db: CNVD, id: CNVD-2016-07217
db: NVD, id: CVE-2016-20025

LAST UPDATE DATE

2026-04-16T05:21:25.724000+00:00


SOURCES UPDATE DATE

db: ZSL, id: ZSL-2016-5361, date: 2016-09-26T00:00:00
db: CNVD, id: CNVD-2016-07217, date: 2016-09-05T00:00:00
db: NVD, id: CVE-2016-20025, date: 2026-04-15T14:56:45.970

SOURCES RELEASE DATE

db: ZSL, id: ZSL-2016-5361, date: 2016-08-30T00:00:00
db: CNVD, id: CNVD-2016-07217, date: 2016-09-05T00:00:00
db: NVD, id: CVE-2016-20025, date: 2026-03-16T14:17:48.573