CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH Key field. Overwriting specific files may lead to arbitrary code execution as NT AUTHORITY\SYSTEM.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
zktecobiotime
8.5.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://claroty.com/team82/disclosure-dashboard/cve-2023-38951
https://github.com/omair2084/biotime-rce-8.5.5/blob/main/biotime_enum.py
https://krashconsulting.com/fury-of-fingers-biotime-rce/
https://www.zkteco.com/en/ZKBio_Time/ZKBioTime#Download
https://www.zkteco.com/en/announcement
http://zkteco.com
https://claroty.com/team82/disclosure-dashboard/cve-2023-38951
https://sploitus.com/exploit?id=PACKETSTORM:177859