CVE-2023-3943 (GCVE-0-2023-3943)

Vulnerability from cvelistv5 – Published: 2024-05-21 13:32 – Updated: 2024-08-02 07:08
VLAI?
Summary
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Severity ?
10 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
Create a notification for this product.
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "facedepot_7b",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smartec_st_fr041me",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smartec_st_fr043",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3943",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:03:22.339568Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:30.843Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
          "vendor": "ZkTeco",
          "versions": [
            {
              "status": "affected",
              "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\n\n\n\n\u003c/p\u003e"
            }
          ],
          "value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100: Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-21T13:32:47.870Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-01T21:00:00.000Z",
          "value": "Vulnerability discovered."
        },
        {
          "lang": "en",
          "time": "2023-09-19T14:00:00.000Z",
          "value": "Initial request to PSIRT@zkteco.com."
        },
        {
          "lang": "en",
          "time": "2023-10-03T13:18:00.000Z",
          "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
        },
        {
          "lang": "en",
          "time": "2023-12-20T10:46:00.000Z",
          "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
        },
        {
          "lang": "en",
          "time": "2024-05-21T13:32:00.000Z",
          "value": "No response from vendor; CVE details added to CVE.org."
        }
      ],
      "title": "Multiple buffer overflow in ZkTeco-based OEM devices",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2023-3943",
    "datePublished": "2024-05-21T13:32:47.870Z",
    "dateReserved": "2023-07-25T14:17:34.611Z",
    "dateUpdated": "2024-08-02T07:08:50.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\\n\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\"}, {\"lang\": \"es\", \"value\": \" La vulnerabilidad de desbordamiento del b\\u00fafer basado en pila en dispositivos OEM basados en ZkTeco permite, en algunos casos, la ejecuci\\u00f3n de c\\u00f3digo arbitrario. Debido a la falta de mecanismos de protecci\\u00f3n como stack canaries y PIE, es posible ejecutar c\\u00f3digo con \\u00e9xito incluso en condiciones restrictivas. Este problema afecta a dispositivos OEM basados en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros.\"}]",
      "id": "CVE-2023-3943",
      "lastModified": "2024-11-21T08:18:22.410",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"vulnerability@kaspersky.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}]}",
      "published": "2024-05-21T14:15:11.557",
      "references": "[{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md\", \"source\": \"vulnerability@kaspersky.com\"}, {\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "vulnerability@kaspersky.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"vulnerability@kaspersky.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-3943\",\"sourceIdentifier\":\"vulnerability@kaspersky.com\",\"published\":\"2024-05-21T14:15:11.557\",\"lastModified\":\"2024-11-21T08:18:22.410\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\\n\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\"},{\"lang\":\"es\",\"value\":\" La vulnerabilidad de desbordamiento del b\u00fafer basado en pila en dispositivos OEM basados en ZkTeco permite, en algunos casos, la ejecuci\u00f3n de c\u00f3digo arbitrario. Debido a la falta de mecanismos de protecci\u00f3n como stack canaries y PIE, es posible ejecutar c\u00f3digo con \u00e9xito incluso en condiciones restrictivas. Este problema afecta a dispositivos OEM basados en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vulnerability@kaspersky.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"vulnerability@kaspersky.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"references\":[{\"url\":\"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md\",\"source\":\"vulnerability@kaspersky.com\"},{\"url\":\"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:08:50.662Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3943\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-21T15:03:22.339568Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"facedepot_7b\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"smartec_st_fr041me\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"smartec_st_fr043\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-21T15:03:17.821Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Multiple buffer overflow in ZkTeco-based OEM devices\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"The vulnerability was discovered by Georgy Kiguradze from Kaspersky\"}], \"impacts\": [{\"capecId\": \"CAPEC-100\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-100: Overflow Buffers\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ZkTeco\", \"product\": \"ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-05-01T21:00:00.000Z\", \"value\": \"Vulnerability discovered.\"}, {\"lang\": \"en\", \"time\": \"2023-09-19T14:00:00.000Z\", \"value\": \"Initial request to PSIRT@zkteco.com.\"}, {\"lang\": \"en\", \"time\": \"2023-10-03T13:18:00.000Z\", \"value\": \"Follow-up with PSIRT@zkteco.com due to no initial response.\"}, {\"lang\": \"en\", \"time\": \"2023-12-20T10:46:00.000Z\", \"value\": \"Vulnerability reported to PSIRT@zkteco.com in plaintext.\"}, {\"lang\": \"en\", \"time\": \"2024-05-21T13:32:00.000Z\", \"value\": \"No response from vendor; CVE details added to CVE.org.\"}], \"references\": [{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\\n\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\\n\\n\\n\\n\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121: Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"e45d732a-8f6b-4b6b-be76-7420f6a2b988\", \"shortName\": \"Kaspersky\", \"dateUpdated\": \"2024-05-21T13:32:47.870Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-3943\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T07:08:50.662Z\", \"dateReserved\": \"2023-07-25T14:17:34.611Z\", \"assignerOrgId\": \"e45d732a-8f6b-4b6b-be76-7420f6a2b988\", \"datePublished\": \"2024-05-21T13:32:47.870Z\", \"assignerShortName\": \"Kaspersky\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.