Zurück zur CVE-Übersicht
CVE-2016-20025
HIGH(8.8)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score22/100 — NIEDRIG
- CVSS 8.8 — Hoch
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
8.8
Technische Schwere
Beschreibung
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
Referenzen
- https://cxsecurity.com/issue/WLB-2016080265
- https://exchange.xforce.ibmcloud.com/vulnerabilities/116486
- https://packetstormsecurity.com/files/138566
- https://www.exploit-db.com/exploits/40323/
- https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-esca...
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php