Lucene search

INCIBECVELIST:CVE-2023-4587

HistorySep 04, 2023 - 11:23 a.m.

CVE-2023-4587 Insecure direct object reference in ZKTeco ZEM800

2023-09-0411:23:06

CWE-639

INCIBE

www.cve.org

zkteco

zem800

idor

vulnerability

local attacker

user backup

device configuration

files

local network

vpn server

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

8.1

Confidence

High

EPSS

Percentile

5.1%

JSON

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ZEM800",
    "vendor": "ZKTeco ",
    "versions": [
      {
        "status": "affected",
        "version": "6.60"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

8.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-4587