CVE-2016-20024
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
ZKTeco Inc. · ZKTeco ZKTime.Net¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://cxsecurity.com/issue/WLB-2016080264https://exchange.xforce.ibmcloud.com/vulnerabilities/116487https://packetstormsecurity.com/files/138565https://www.exploit-db.com/exploits/40322/https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalationhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php