CVE-2017-17056

{"id": "CVE-2017-17056", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-12-04T14:29:00.200", "references": [{"url": "http://packetstormsecurity.com/files/145160/ZKTeco-ZKTime-Web-2.0.1.12280-Cross-Site-Request-Forgery.html", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/102007", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/145160/ZKTeco-ZKTime-Web-2.0.1.12280-Cross-Site-Request-Forgery.html", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/102007", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software."}, {"lang": "es", "value": "ZKTime Web Software 2.0.1.12280 permite que el administrador eleve los privilegios del usuario de la aplicaci\u00f3n empleando una funci\u00f3n \"password_change()\" del componente Modify Password, alcanzable mediante los par\u00e1metros old_password, new_password1 y new_password2 en el URI /accounts/password_change/. Un atacante se aprovecha de este escenario y crea un enlace CSRF manipulado para a\u00f1adirse a s\u00ed mismo como administrador de ZKTime Web Software. Despu\u00e9s, emplea m\u00e9todos de ingenier\u00eda social para enga\u00f1ar al administrador y que haga clic en la petici\u00f3n HTTP falsificada. La petici\u00f3n se ejecuta y el atacante se convierte en el Administrador de ZKTime Web Software. Si la vulnerabilidad se explota con \u00e9xito, un atacante (que ser\u00eda un usuario normal de la aplicaci\u00f3n web) puede escalar sus privilegios y convertirse en el administrador de ZKTime Web Software."}], "lastModified": "2024-11-21T03:17:24.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zkteco:zktime_web:2.0.1.12280:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48A66D7A-0989-48D3-A4C7-FF847300A6AB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}