CVE-2023-3943 (GCVE-0-2023-3943)
Vulnerability from cvelistv5
Published
2024-05-21 13:32
Modified
2024-08-02 07:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)
with firmware
ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Version: ZAM170-NF-1.8.25-7354-Ver1.0.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:03:22.339568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:30.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\n\n\n\n\u003c/p\u003e"
}
],
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T13:32:47.870Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-05-01T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T13:32:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple buffer overflow in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3943",
"datePublished": "2024-05-21T13:32:47.870Z",
"dateReserved": "2023-07-25T14:17:34.611Z",
"dateUpdated": "2024-08-02T07:08:50.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:08:50.662Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3943\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-21T15:03:22.339568Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"facedepot_7b\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"smartec_st_fr041me\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"smartec_st_fr043\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-21T15:03:17.821Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Multiple buffer overflow in ZkTeco-based OEM devices\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"The vulnerability was discovered by Georgy Kiguradze from Kaspersky\"}], \"impacts\": [{\"capecId\": \"CAPEC-100\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-100: Overflow Buffers\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ZkTeco\", \"product\": \"ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-05-01T21:00:00.000Z\", \"value\": \"Vulnerability discovered.\"}, {\"lang\": \"en\", \"time\": \"2023-09-19T14:00:00.000Z\", \"value\": \"Initial request to PSIRT@zkteco.com.\"}, {\"lang\": \"en\", \"time\": \"2023-10-03T13:18:00.000Z\", \"value\": \"Follow-up with PSIRT@zkteco.com due to no initial response.\"}, {\"lang\": \"en\", \"time\": \"2023-12-20T10:46:00.000Z\", \"value\": \"Vulnerability reported to PSIRT@zkteco.com in plaintext.\"}, {\"lang\": \"en\", \"time\": \"2024-05-21T13:32:00.000Z\", \"value\": \"No response from vendor; CVE details added to CVE.org.\"}], \"references\": [{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\\n\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\\n\\n\\n\\n\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121: Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"e45d732a-8f6b-4b6b-be76-7420f6a2b988\", \"shortName\": \"Kaspersky\", \"dateUpdated\": \"2024-05-21T13:32:47.870Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-3943\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T07:08:50.662Z\", \"dateReserved\": \"2023-07-25T14:17:34.611Z\", \"assignerOrgId\": \"e45d732a-8f6b-4b6b-be76-7420f6a2b988\", \"datePublished\": \"2024-05-21T13:32:47.870Z\", \"assignerShortName\": \"Kaspersky\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…