Remote Information Exposure in ZKTeco ZKTime Product
CVE-2017-14680

7.5 HIGH

Key Information:

Vendor: Zkteco
CVE Published: 21 September 2017

What is CVE-2017-14680?

ZKTeco ZKTime Web 2.0.1.12280 is vulnerable to remote information exposure: an attacker can access sensitive employee metadata via a direct request for a PDF document. This potentially allows unauthorized individuals to obtain critical information about personnel, raising serious security concerns for organizations using this product.

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published