Access Control Flaw in ZKTeco BioAccess IVS Remote Management
CVE-2023-38958

5.3MEDIUM

Key Information:

Vendor: Zkteco
Status: Bioaccess Ivs
Vendor: CVE Published:; 3 August 2023

What is CVE-2023-38958?

An access control vulnerability in ZKTeco BioAccess IVS v3.3.1 exposes the system to unauthorized manipulation. Unauthenticated attackers can exploit this flaw to send specially crafted web requests, granting them the capability to remotely open and close doors managed by the BioAccess platform. This security oversight poses significant risks to physical security, highlighting the importance of robust access controls.

References

http://zkteco.com

https://claroty.com/team82/disclosure-dashboard/cve-2023-...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jul 25, 2023

Zkteco

What is CVE-2023-38958?

References

CVSS V3.1

Timeline