CVE Catalog

CVE-2016-20024

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

ZKTeco ZKTime.Net version 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries.

Risk Assessment

This vulnerability poses a risk of privilege escalation, which could lead to unauthorized access to the system and its resources. The organization may be exposed to serious data security threats.

Recommendation

It is recommended to review and adjust file permissions in the ZKTimeNet3.0 directory to prevent unauthorized users from modifying executable files. A security audit of the system should also be conducted to identify and mitigate potential threats.

Original NVD description (English source)

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS