Lucene search
HistoryOct 07, 2022 - 8:15 p.m.
CVE-2022-36634
cve-2022-36634
zkteco
zkbiosecurity
access control
security issue
admin users
http request
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.0%
An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.
Affected configurations
Node
zktecozkbiosecurity_v5000Match3.0.5.0_r
| CPE | Name | Operator | Version |
|---|---|---|---|
| zkteco:zkbiosecurity_v5000 | zkteco zkbiosecurity v5000 | eq | 3.0.5.0_r |
Social References
More
Related
cnvd
cnvd
ZKTeco ZKBioSecurity Access Control Error Vulnerability
2022-10-11 00:00:00
nvd
nvd
CVE-2022-36634
2022-10-07 20:15:14
packetstorm
packetstorm
ZKSecurity BIO 3.0.5.0_R Privilege Escalation
2022-10-01 00:00:00
zdt
zdt
ZKSecurity BIO 3.0.5.0_R Privilege Escalation Vulnerability
2022-10-03 00:00:00
cvelist
cvelist
CVE-2022-36634
2022-10-07 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-10-07 20:15:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.0%
Related for CVE-2022-36634