Vulnerability Details CVE-2023-38951
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH Key field. Overwriting specific files may lead to arbitrary code execution as NT AUTHORITY\SYSTEM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.5%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2023-38951
- cpe:2.3:a:zkteco:biotime:8.5.5