Lucene search

[email protected]NVD:CVE-2023-4587

HistorySep 04, 2023 - 12:15 p.m.

CVE-2023-4587

2023-09-0412:15:10

CWE-639

[email protected]

web.nvd.nist.gov

idor

zkteco zem800

version 6.60

local attacker

user backup files

device configuration files

local network

vpn server

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

Affected configurations

Nvd

Node

zktecozem800_firmwareMatch6.60

AND

zktecozem800Match-

VendorProductVersionCPE
zktecozem800_firmware6.60cpe:2.3:o:zkteco:zem800_firmware:6.60:*:*:*:*:*:*:*
zktecozem800-cpe:2.3:h:zkteco:zem800:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zkteco	zem800_firmware	6.60	cpe:2.3:o:zkteco:zem800_firmware:6.60:::::::*
zkteco	zem800	-	cpe:2.3:h:zkteco:zem800:-:::::::*

References

www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-4587

vulnrichment1 cve1 cvelist1 prion1