CVE-2023-38951


CVSS 9.8 (Critical) · EPSS 3.2% · CWE-22
Vexday Risk Score: 48 (Attention)
SSVC decision (CISA): Attend
PoC available → attend closely
CVSS 9.8 · EPSS 3.2% · KEV: no · Public PoC · Nuclei · Metasploit · Patch
Lifecycle
03 Aug 2023: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH Key field. Overwriting specific files may lead to arbitrary code execution as NT AUTHORITY\SYSTEM.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a
⚠ Public resources for assessing the exposure of systems you control or are authorized to test. Test only with authorization.