ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation
{"lastseen": "2020-04-01T19:05:38", "references": [], "description": "\nZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation", "edition": 1, "reporter": "LiquidWorm", "exploitpack": {"type": "local", "platform": "windows"}, "published": "2016-08-31T00:00:00", "title": "ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "zeroscience", "idList": ["ZSL-2016-5361"]}]}, "exploitation": null, "vulnersScore": 0.9}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2016-08-31T00:00:00", "id": "EXPLOITPACK:8D1EDFE4FE147A427769417A2B785C77", "href": "", "viewCount": 14, "sourceData": "ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions\n\n\nVendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd\nProduct web page: http://www.zkteco.com\nAffected version: 3.5.3 (Build 0005)\n\nSummary: ZKAccess 3.5 is a desktop software which is suitable\nfor small and medium businesses application. Compatible with\nall ZKAccess standalone reader controllers, the software can\nsimultaneously manage access control and generate attendance\nreport. The brand new flat GUI design and humanized structure\nof new ZKAccess 3.5 will make your daily management more pleasant\nand convenient.\n\nDesc: ZKAccess suffers from an elevation of privileges vulnerability\nwhich can be used by a simple authenticated user that can change the\nexecutable file with a binary of choice. The vulnerability exists due\nto the improper permissions, with the 'M' flag (Modify) for 'Authenticated Users'\ngroup.\n\n\nTested on: Microsoft Windows 7 Ultimate SP1 (EN)\n Microsoft Windows 7 Professional SP1 (EN)\n\n\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2016-5361\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php\n\n\n18.07.2016\n\n--\n\n\nC:\\ZKTeco>icacls ZKAccess3.5\nZKAccess3.5 BUILTIN\\Administrators:(I)(F)\n BUILTIN\\Administrators:(I)(OI)(CI)(IO)(F)\n NT AUTHORITY\\SYSTEM:(I)(F)\n NT AUTHORITY\\SYSTEM:(I)(OI)(CI)(IO)(F)\n BUILTIN\\Users:(I)(OI)(CI)(RX)\n NT AUTHORITY\\Authenticated Users:(I)(M)\n NT AUTHORITY\\Authenticated Users:(I)(OI)(CI)(IO)(M)\n\nSuccessfully processed 1 files; Failed processing 0 files", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659743467}}