Access Control Flaw in ZKTeco ZKBio WDMS Software
CVE-2024-22988

9.8CRITICAL

Key Information:

Vendor: ZKTeco
Status: ZKBio WDMS
Vendor: CVE Published:; 23 February 2024

What is CVE-2024-22988?

A significant security flaw exists in ZKTeco's ZKBio WDMS version 8.0.5 that enables an attacker to exploit the /files/backup/ component, leading to arbitrary code execution. This vulnerability can be leveraged by unauthorized users to manipulate the system, potentially compromising sensitive data and affecting the integrity of the software environment. It's crucial for users to apply necessary security patches and updates to mitigate this risk.

References

https://zkteco.com

https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8...

https://www.vicarius.io/vsociety/posts/revealing-cve-2024...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 23, 2024
Vulnerability Reserved
Jan 11, 2024