CVE-2023-3939

{"id": "CVE-2023-3939", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vulnerability@kaspersky.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2024-05-21T10:15:09.683", "references": [{"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md", "source": "vulnerability@kaspersky.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnerability@kaspersky.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS \nCommand Injection') vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."}, {"lang": "es", "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en dispositivos OEM basados en ZkTeco permite la inyecci\u00f3n de comando del sistema operativo. Dado que todas las implementaciones de comandos encontradas se ejecutan desde el superusuario, su impacto es el m\u00e1ximo posible. Este problema afecta a los dispositivos OEM basados en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros."}], "lastModified": "2024-05-21T12:37:59.687", "sourceIdentifier": "vulnerability@kaspersky.com"}