PT-2023-26704 · Zkteco · Zkteco Bioaccess Ivs

Published

2023-08-03

Updated

2023-08-08

CVE-2023-38958

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions ZKTeco BioAccess IVS version 3.3.1

Description An access control issue allows unauthenticated attackers to arbitrarily close and open doors managed by the platform remotely by sending a crafted web request.

Recommendations For ZKTeco BioAccess IVS version 3.3.1, consider restricting access to the web interface until a patch is available to prevent unauthorized control of doors. As a temporary workaround, limit the exposure of the platform to the internet and isolate it from public access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2023-38958

Affected Products

Zkteco Bioaccess Ivs

PT-2023-26704 · Zkteco · Zkteco Bioaccess Ivs

CVE-2023-38958

Weakness Enumeration

Related Identifiers

Affected Products

References · 6