CVE-2023-38956

Name of the Vulnerable Software and Affected Versions ZKTeco BioAccess IVS version 3.3.1

Description The issue is related to a path traversal vulnerability, which can be exploited by a remote attacker to read arbitrary files. This is achieved by supplying a crafted payload, allowing unauthorized access to files.

Recommendations For ZKTeco BioAccess IVS version 3.3.1, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, limit the ability to supply crafted payloads to the vulnerable endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.