Lucene search

[email protected]CVE-2023-4587

HistorySep 04, 2023 - 12:15 p.m.

CVE-2023-4587

2023-09-0412:15:10

CWE-639

[email protected]

web.nvd.nist.gov

zkteco

zem800

v6.60

idor

vulnerability

local attacker

user data

security

8.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

Affected configurations

Vulners

NVD

Node

zktecozem800Range≤6.60

VendorProductVersionCPE
zktecozem800*cpe:2.3:h:zkteco:zem800:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zkteco	zem800	*	cpe:2.3:h:zkteco:zem800::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ZEM800",
    "vendor": "ZKTeco ",
    "versions": [
      {
        "status": "affected",
        "version": "6.60"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800

8.3 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-4587

prion1 nvd1 cvelist1 vulnrichment1