Path Traversal Vulnerability in ZKTeco BioTime Product
CVE-2023-38950

7.5HIGH

Key Information:

Vendor: Zkteco
Status: Biotime
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-38950?

A path traversal vulnerability exists in the iclock API component of ZKTeco's BioTime product version 8.5.5. This flaw allows unauthenticated attackers to exploit the API by supplying crafted payloads, leading to unauthorized reading of arbitrary files on the server. Such vulnerabilities can expose sensitive data and pose significant security risks, particularly in enterprise environments.

References

http://zkteco.com

https://claroty.com/team82/disclosure-dashboard/cve-2023-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jul 25, 2023

Zkteco

What is CVE-2023-38950?

References

CVSS V3.1

Timeline