Lucene search

INCIBECVE-2023-4587

HistorySep 04, 2023 - 12:15 p.m.

CVE-2023-4587

2023-09-0412:15:10

CWE-639

INCIBE

web.nvd.nist.gov

zkteco

zem800

v6.60

idor

vulnerability

local attacker

user data

security

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

zktecozem800_firmwareMatch6.60

AND

zktecozem800Match-

VendorProductVersionCPE
zktecozem800_firmware6.60cpe:2.3:o:zkteco:zem800_firmware:6.60:*:*:*:*:*:*:*
zktecozem800-cpe:2.3:h:zkteco:zem800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zkteco	zem800_firmware	6.60	cpe:2.3:o:zkteco:zem800_firmware:6.60:::::::*
zkteco	zem800	-	cpe:2.3:h:zkteco:zem800:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ZEM800",
    "vendor": "ZKTeco ",
    "versions": [
      {
        "status": "affected",
        "version": "6.60"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-4587