← Advisories

ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions

Low

Advisory ID

ZSL-2016-5361

Release Date

30 August 2016

Vendor

ZKTeco Inc. - http://www.zkteco.com

Affected Version

3.5.3 (Build 0005)

CVE

CVE-2016-20025

Tested On

Microsoft Windows 7 Ultimate SP1 (EN), Microsoft Windows 7 Professional SP1 (EN)

Summary

ZKAccess 3.5 is a desktop software which is suitable for small and medium businesses application. Compatible with all ZKAccess standalone reader controllers, the software can simultaneously manage access control and generate attendance report. The brand new flat GUI design and humanized structure of new ZKAccess 3.5 will make your daily management more pleasant and convenient.

Description

ZKAccess suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) for 'Authenticated Users' group.

Proof of Concept

zkaccess_eop.txtTXT

Disclosure Timeline

18.07.2016Vulnerability discovered.

27.07.2016Vendor contacted.

29.08.2016No response from the vendor.

30.08.2016Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://cxsecurity.com/issue/WLB-2016080265

[2]https://exchange.xforce.ibmcloud.com/vulnerabilities/116486

[3]https://packetstormsecurity.com/files/138566

[4]https://www.exploit-db.com/exploits/40323/

[5]https://www.cve.org/CVERecord?id=CVE-2016-20025

Changelog

30.08.2016Initial release

26.09.2016Added reference [1], [2], [3] and [4]

24.03.2026Added reference [5]