CVE-2016-20024
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
ZKTeco Inc. · ZKTeco ZKTime.NetQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://cxsecurity.com/issue/WLB-2016080264https://exchange.xforce.ibmcloud.com/vulnerabilities/116487https://packetstormsecurity.com/files/138565https://www.exploit-db.com/exploits/40322/https://www.vulncheck.com/advisories/zkteco-zktime-net-insecure-file-permissions-privilege-escalationhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php