ZKTeco ZKTime.Net Privilege Escalation Vulnerability Due to Insecure File Permissions

Vulnerability

A vulnerability allowing privilege escalation through insecure file permissions has been identified in ZKTeco ZKTime.Net versions 3.0.1.6, 3.0.1.5 (160622), and 3.0.1.1 (160216). This vulnerability arises because the 'ZKTimeNet3.0' directory and its contents are world-writable, allowing unprivileged users to modify executable files. Exploitation involves replacing these files with malicious binaries to gain elevated privileges.

Impact

Exploitation of this vulnerability allows local authenticated users to escalate privileges on the system by replacing executable files with malicious ones.

Reproduction

The vulnerability can be reproduced by an authenticated user who has access to the ZKTime.Net application. The user can take advantage of the world-writable permissions in the 'ZKTimeNet3.0' directory. By replacing the original executable files with modified ones, the user can execute the malicious binaries to gain elevated privileges.
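A defender-side check for the condition described above, as an added example that is not part of the original advisory or of any ZKTeco tooling: a PowerShell script that lists ACL entries granting write-class rights inside the install directory to broad, low-privilege groups. The -InstallDir parameter and the choice of groups and rights are assumptions; the advisory names only the 'ZKTimeNet3.0' directory, not its full path.

```powershell
# Added example: report write-capable ACEs held by broad groups under an install directory.
param(
    # Assumption: the full install path is not given in the advisory; supply it here.
    [Parameter(Mandatory = $true)]
    [string]$InstallDir
)

# Well-known SIDs of broad groups (SIDs avoid localized group names).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow replacing, modifying or re-permissioning a file.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# GENERIC_ALL and GENERIC_WRITE bits, which Get-Acl shows as raw numbers on inherit-only ACEs.
$genericMask = 0x10000000 -bor 0x40000000

# The directory itself plus everything below it.
$items = @(Get-Item -LiteralPath $InstallDir -Force) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if ($null -eq $acl) { continue }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # identity could not be mapped to a SID
        if (-not $broadSids.ContainsKey($sid)) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# An empty result means no broad group holds write-class rights under the directory.
$findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
```

Entries with Inherited set to False are the ones set directly on that file or folder; inherited entries are corrected at the parent directory that defines them.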

Added: Mar 16, 2026, 3:20 PM
Updated: Mar 16, 2026, 3:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.2
remediation: 0.0
relevance: 4.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.