CVE-2016-20024
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
ZKTeco Inc. · ZKTeco ZKTime.NetWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cxsecurity.com/issue/WLB-2016080264https://exchange.xforce.ibmcloud.com/vulnerabilities/116487https://packetstormsecurity.com/files/138565https://www.exploit-db.com/exploits/40322/https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalationhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php