Vulnerability Details CVE-2023-38950
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.825
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 7.5
Proposed Action
ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.
Ransomware Campaign
Unknown
References
- http://zkteco.com
- https://claroty.com/team82/disclosure-dashboard/cve-2023-38950
- http://zkteco.com
- https://claroty.com/team82/disclosure-dashboard/cve-2023-38950
- https://sploitus.com/exploit?id=PACKETSTORM:177859
- https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf