PT-2017-12919 · Zkteco · Zktime Web
Arvind Vishwakarma
·
Published
2017-09-26
·
Updated
2017-10-03
·
CVE-2017-13129
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZKTeco ZKTime Web version 2.0.1.12280
Description
A cross-site request forgery (CSRF) issue allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging the lack of anti-CSRF tokens.
Recommendations
For ZKTeco ZKTime Web version 2.0.1.12280, consider implementing anti-CSRF tokens to prevent unauthorized requests. As a temporary workaround, restrict access to administrator functions to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zktime Web