ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions

2017-12-29T00:00:00
ID SSV:97055
Type seebug
Reporter Root
Modified 2017-12-29T00:00:00

Description

Summary

ZKAccess 3.5 is a desktop software which is suitable for small and medium businesses application. Compatible with all ZKAccess standalone reader controllers, the software can simultaneously manage access control and generate attendance report. The brand new flat GUI design and humanized structure of new ZKAccess 3.5 will make your daily management more pleasant and convenient.

Description

ZKAccess suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) for 'Authenticated Users' group.

Vendor

ZKTeco Inc. - http://www.zkteco.com

Affected Version

  • 3.5.3 (Build 0005)

Tested On

  • Microsoft Windows 7 Ultimate SP1 (EN)
  • Microsoft Windows 7 Professional SP1 (EN)

PoC

``` C:\ZKTeco>icacls ZKAccess3.5 ZKAccess3.5 BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Users:(I)(OI)(CI)(RX) NT AUTHORITY\Authenticated Users:(I)(M) NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)

Successfully processed 1 files; Failed processing 0 files ```