PT-2023-26704 · Zkteco · Zkteco Bioaccess Ivs

Publicado

2023-08-03

Atualizado

2023-08-08

CVE-2023-38958

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions ZKTeco BioAccess IVS version 3.3.1

Description An access control issue allows unauthenticated attackers to arbitrarily close and open doors managed by the platform remotely by sending a crafted web request.

Recommendations For ZKTeco BioAccess IVS version 3.3.1, consider restricting access to the web interface until a patch is available to prevent unauthorized control of doors. As a temporary workaround, limit the exposure of the platform to the internet and isolate it from public access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2023-38958

Produtos afetados

Zkteco Bioaccess Ivs

PT-2023-26704 · Zkteco · Zkteco Bioaccess Ivs

CVE-2023-38958

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6