Unauthenticated Information Disclosure in ZKTeco BioAccess IVS by ZKTeco
CVE-2023-38955

7.5HIGH

Key Information:

Vendor: Zkteco
Status: Bioaccess Ivs
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-38955?

The ZKTeco BioAccess IVS v3.3.1 presents a significant security risk as it allows unauthenticated attackers to access sensitive information regarding all managed devices. This includes critical details such as IP addresses and device names, potentially leading to further exploitation. Organizations using this product need to assess their security measures and consider implementing patches or workarounds to safeguard against unauthorized access.

References

http://zkteco.com

https://claroty.com/team82/disclosure-dashboard/cve-2023-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jul 25, 2023

Zkteco

What is CVE-2023-38955?

References

CVSS V3.1

Timeline