CVE-2023-3939 (GCVE-0-2023-3939)

Vulnerability from cvelistv5 – Published: 2024-05-21 09:45 – Updated: 2024-08-02 07:08
VLAI?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other.
Severity ?
10 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
Vendor Product Version
ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
Create a notification for this product.
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "facedepot_7b",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smartec_st_fr043",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "*",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smartec_st_fr041me",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "*",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3939",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:01:31.459687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:32.124Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
          "vendor": "ZkTeco",
          "versions": [
            {
              "status": "affected",
              "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nImproper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other.\n\n"
            }
          ],
          "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS \nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \nCommand Injection. \nSince all the found command implementations are executed from the \nsuperuser, their impact is the maximum possible.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \nand possibly other."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-21T10:11:07.376Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-27T21:00:00.000Z",
          "value": "Vulnerability discovered."
        },
        {
          "lang": "en",
          "time": "2023-09-19T14:00:00.000Z",
          "value": "Initial request to PSIRT@zkteco.com."
        },
        {
          "lang": "en",
          "time": "2023-10-03T13:18:00.000Z",
          "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
        },
        {
          "lang": "en",
          "time": "2023-12-20T10:46:00.000Z",
          "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
        },
        {
          "lang": "en",
          "time": "2024-05-21T09:44:00.000Z",
          "value": "No response from vendor; CVE details added to CVE.org."
        }
      ],
      "title": "Multiple command injection in ZkTeco-based OEM devices",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2023-3939",
    "datePublished": "2024-05-21T09:45:00.639Z",
    "dateReserved": "2023-07-25T13:51:45.777Z",
    "dateUpdated": "2024-08-02T07:08:50.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS \\nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \\nCommand Injection. \\nSince all the found command implementations are executed from the \\nsuperuser, their impact is the maximum possible.\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \\nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \\nand possibly other.\"}, {\"lang\": \"es\", \"value\": \"La neutralizaci\\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\\u00f3n de comando del sistema operativo\u0027) en dispositivos OEM basados en ZkTeco permite la inyecci\\u00f3n de comando del sistema operativo. Dado que todas las implementaciones de comandos encontradas se ejecutan desde el superusuario, su impacto es el m\\u00e1ximo posible. Este problema afecta a los dispositivos OEM basados en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros.\"}]",
      "id": "CVE-2023-3939",
      "lastModified": "2024-11-21T08:18:21.840",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"vulnerability@kaspersky.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}]}",
      "published": "2024-05-21T10:15:09.683",
      "references": "[{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md\", \"source\": \"vulnerability@kaspersky.com\"}, {\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "vulnerability@kaspersky.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"vulnerability@kaspersky.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-3939\",\"sourceIdentifier\":\"vulnerability@kaspersky.com\",\"published\":\"2024-05-21T10:15:09.683\",\"lastModified\":\"2024-11-21T08:18:21.840\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Special Elements used in an OS Command (\u0027OS \\nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \\nCommand Injection. \\nSince all the found command implementations are executed from the \\nsuperuser, their impact is the maximum possible.\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \\nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \\nand possibly other.\"},{\"lang\":\"es\",\"value\":\"La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) en dispositivos OEM basados en ZkTeco permite la inyecci\u00f3n de comando del sistema operativo. Dado que todas las implementaciones de comandos encontradas se ejecutan desde el superusuario, su impacto es el m\u00e1ximo posible. Este problema afecta a los dispositivos OEM basados en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vulnerability@kaspersky.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"vulnerability@kaspersky.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md\",\"source\":\"vulnerability@kaspersky.com\"},{\"url\":\"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:08:50.765Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3939\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-21T15:01:31.459687Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"facedepot_7b\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"smartec_st_fr043\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"smartec_st_fr041me\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-21T15:01:38.235Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Multiple command injection in ZkTeco-based OEM devices\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"The vulnerability was discovered by Georgy Kiguradze from Kaspersky\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ZkTeco\", \"product\": \"ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-04-27T21:00:00.000Z\", \"value\": \"Vulnerability discovered.\"}, {\"lang\": \"en\", \"time\": \"2023-09-19T14:00:00.000Z\", \"value\": \"Initial request to PSIRT@zkteco.com.\"}, {\"lang\": \"en\", \"time\": \"2023-10-03T13:18:00.000Z\", \"value\": \"Follow-up with PSIRT@zkteco.com due to no initial response.\"}, {\"lang\": \"en\", \"time\": \"2023-12-20T10:46:00.000Z\", \"value\": \"Vulnerability reported to PSIRT@zkteco.com in plaintext.\"}, {\"lang\": \"en\", \"time\": \"2024-05-21T09:44:00.000Z\", \"value\": \"No response from vendor; CVE details added to CVE.org.\"}], \"references\": [{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS \\nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \\nCommand Injection. \\nSince all the found command implementations are executed from the \\nsuperuser, their impact is the maximum possible.\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \\nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \\nand possibly other.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\nImproper Neutralization of Special Elements used in an OS Command (\u0027OS \\nCommand Injection\u0027) vulnerability in ZkTeco-based OEM devices allows OS \\nCommand Injection. \\nSince all the found command implementations are executed from the \\nsuperuser, their impact is the maximum possible.\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec \\nST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 \\nand possibly other.\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"e45d732a-8f6b-4b6b-be76-7420f6a2b988\", \"shortName\": \"Kaspersky\", \"dateUpdated\": \"2024-05-21T10:11:07.376Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-3939\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T07:08:50.765Z\", \"dateReserved\": \"2023-07-25T13:51:45.777Z\", \"assignerOrgId\": \"e45d732a-8f6b-4b6b-be76-7420f6a2b988\", \"datePublished\": \"2024-05-21T09:45:00.639Z\", \"assignerShortName\": \"Kaspersky\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.