Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions

🗓️ 30 Aug 2016 00:00:00Reported by Gjoko KrsticType 
zeroscience
 zeroscience🔗 www.zeroscience.mk👁 1179 Views

ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions. Privilege escalation vulnerability due to improper file permissions, allowing simple users to change the executable file. No vendor response

Related
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2016-20024
15 Mar 202613:35
attackerkb
CNNVD		ZKTeco ZKTime.Net 安全漏洞
16 Mar 202600:00
cnnvd
CVE		CVE-2016-20024
15 Mar 202613:35
cve
Cvelist		CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
15 Mar 202613:35
cvelist
EUVD		EUVD-2016-10803
16 Mar 202615:30
euvd
NVD		CVE-2016-20024
16 Mar 202614:17
nvd
Positive Technologies		PT-2026-25664
15 Mar 202600:00
ptsecurity
Vulnrichment		CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation
15 Mar 202613:35
vulnrichment
<html><body><p>ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions


Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
Product web page: http://www.zkteco.com
Affected version: 3.0.1.6
                  3.0.1.5 (160622)
                  3.0.1.1 (160216)

Summary: ZKTime.Net V3.0 is a new generation time attendance
management software. Meanwhile, it integrates with time attendance
and access control system. Some frequently used functions such as
attendance reports, device management and employee management can
be managed directly on the home page which providing excellent user
experience. Owing to the Pay code function, it can generate both
time attendance records and corresponding payroll in the software
and easy to merge with the most ERP and Payroll software, which can
rapidly upgrade your working efficiency. The brand new flat GUI design
and humanized structure will make your daily management more pleasant
and convenient.

Desc: ZKTime.Net suffers from an elevation of privileges vulnerability
which can be used by a simple user that can change the executable file
with a binary of choice. The vulnerability exist due to the improper
permissions, with the 'C' flag (Change) for 'Everyone' group, making the
entire directory 'ZKTimeNet3.0' and its files and sub-dirs world-writable.

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Microsoft Windows 7 Professional SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2016-5360
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php


18.07.2016

--


C:\&gt;showacls "c:\Program Files (x86)\ZKTimeNet3.0"
c:\Program Files (x86)\ZKTimeNet3.0
                Everyone                  Change [RWXD]
                NT SERVICE\TrustedInstaller Special Access [A]
                NT AUTHORITY\SYSTEM       Special Access [A]
                BUILTIN\Administrators    Special Access [A]
                BUILTIN\Users             Special Access [RX]
                CREATOR OWNER             Special Access [A]


C:\&gt;showacls "c:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.exe"
c:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.exe
                Everyone                  Change [RWXD]



C:\Program Files (x86)&gt;cacls ZKTimeNet3.0
C:\Program Files (x86)\ZKTimeNet3.0 Everyone:(OI)(CI)C
                                    NT SERVICE\TrustedInstaller:(ID)F
                                    NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
                                    NT AUTHORITY\SYSTEM:(ID)F
                                    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
                                    BUILTIN\Administrators:(ID)F
                                    BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
                                    BUILTIN\Users:(ID)R
                                    BUILTIN\Users:(OI)(CI)(IO)(ID)(special access:)
                                                                  GENERIC_READ
                                                                  GENERIC_EXECUTE

                                    CREATOR OWNER:(OI)(CI)(IO)(ID)F


C:\Program Files (x86)\ZKTimeNet3.0&gt;cacls *.exe
C:\Program Files (x86)\ZKTimeNet3.0\LanguageTranslate.exe Everyone:C
                                                          Everyone:(ID)C
                                                          NT AUTHORITY\SYSTEM:(ID)F
                                                          BUILTIN\Administrators:(ID)F
                                                          BUILTIN\Users:(ID)R

C:\Program Files (x86)\ZKTimeNet3.0\unins000.exe Everyone:(ID)C
                                                 NT AUTHORITY\SYSTEM:(ID)F
                                                 BUILTIN\Administrators:(ID)F
                                                 BUILTIN\Users:(ID)R

C:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.DBTT.exe Everyone:C
                                                       Everyone:(ID)C
                                                       NT AUTHORITY\SYSTEM:(ID)F
                                                       BUILTIN\Administrators:(ID)F
                                                       BUILTIN\Users:(ID)R

C:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.exe Everyone:C
                                                  Everyone:(ID)C
                                                  NT AUTHORITY\SYSTEM:(ID)F
                                                  BUILTIN\Administrators:(ID)F
                                                  BUILTIN\Users:(ID)R

C:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.Update.exe Everyone:C
                                                         Everyone:(ID)C
                                                         NT AUTHORITY\SYSTEM:(ID)F
                                                         BUILTIN\Administrators:(ID)F
                                                         BUILTIN\Users:(ID)R

C:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.ZKTime5DB.exe Everyone:C
                                                            Everyone:(ID)C
                                                            NT AUTHORITY\SYSTEM:(ID)F
                                                            BUILTIN\Administrators:(ID)F
                                                            BUILTIN\Users:(ID)R

</p></body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Aug 2016 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 49.3
CVSS 3.19.8
EPSS0.0003
SSVC
zkteco zktime.netinsecure file permissionsprivilege escalationvendor statusvulnerability discovered
1179