CVE-2023-4587 - OpenCVE

An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zkteco	Zem800 Zem800 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zkteco:zem800_firmware:6.60:*:*:*:*:*:*:*

cpe:2.3:h:zkteco:zem800:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-09-04T11:23:06.896Z

Updated: 2024-06-04T17:27:24.326Z

Reserved: 2023-08-29T07:42:12.425Z

Link: CVE-2023-4587

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-04T12:15:10.760

Modified: 2024-06-04T19:17:54.610

Link: CVE-2023-4587

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4587", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2023-08-29T07:42:12.425Z", "datePublished": "2023-09-04T11:23:06.896Z", "dateUpdated": "2024-06-04T17:27:24.326Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ZEM800", "vendor": "ZKTeco ", "versions": [{"status": "affected", "version": "6.60"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Ut\u00f3n Amaya (m3n0sd0n4ld)"}], "datePublic": "2023-09-04T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server."}], "value": "An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-09-04T11:23:06.896Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The gama has been updated and it is recommended to upgrade to the latest version available."}], "value": "The gama has been updated and it is recommended to upgrade to the latest version available."}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "Insecure direct object reference in ZKTeco ZEM800", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4587", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-28T19:31:52.093254Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:zkteco:zem800:-:*:*:*:*:*:*:*"], "vendor": "zkteco", "product": "zem800", "versions": [{"status": "affected", "version": "6.60"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:27:24.326Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zkteco:zem800_firmware:6.60:*:*:*:*:*:*:*", "matchCriteriaId": "A141C52A-A102-4637-825C-631603AFE047", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zkteco:zem800:-:*:*:*:*:*:*:*", "matchCriteriaId": "861E1B88-7815-4286-99DE-6AA4E2F27AAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server."}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** ** una vulnerabilidad IDOR se ha encontrado en el producto ZKTeco ZEM800 que afecta a la versi\u00f3n 6.60.Esta vulnerabilidad permite a un atacante local obtener archivos de copia de seguridad de usuarios registrados o archivos de configuraci\u00f3n de dispositivos a trav\u00e9s de una red local o mediante un servidor VPN."}], "id": "CVE-2023-4587", "lastModified": "2024-06-04T19:17:54.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2023-09-04T12:15:10.760", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-direct-object-reference-zkteco-zem800"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-639"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}