ГлавнаяУязвимости → CVE-2016-20025
8.8высокая

CVE-2016-20025

Описание

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://cxsecurity.com/issue/WLB-2016080265https://exchange.xforce.ibmcloud.com/vulnerabilities/116486https://packetstormsecurity.com/files/138566https://www.exploit-db.com/exploits/40323/https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissionshttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php