CVE-2023-38950: ZKTeco BioTime v8.5.5 Path Traversal Vulnerability Exploitation Details and Remediation Steps

A newly discovered path traversal vulnerability, documented as CVE-2023-38950, targets the iclock API of ZKTeco BioTime v8.5.5. When exploited, this vulnerability allows unauthenticated attackers to read arbitrary files simply by supplying a crafted payload. This post aims to provide a comprehensive overview of CVE-2023-38950, including code snippets, original references, and exploit details. The information shared here is beneficial to both security professionals and those interested in understanding and mitigating this vulnerability.

Exploit Details

The path traversal vulnerability in CVE-2023-38950 exists in the iclock API of ZKTeco BioTime v8.5.5. When unauthenticated attackers supply a crafted payload, they can read arbitrary files with the privileges of the application. This opens up the possibility for attackers to gain access to sensitive information such as authentication details, critical system files, and user data.

The exploitation of the vulnerability begins with the attacker crafting a malicious payload, including the path traversal through the "../../../../" notation, targeting a specific file location. The following is an example of the payload structure:

POST /iclock/api/v8.5.5/get?user_id=../../../../../../../etc/passwd HTTP/1.1

In this example, the attacker attempts to access the "/etc/passwd" file by traversing through the directories using the "../../../../" notation.

Original References

To learn more about the ZKTeco BioTime v8.5.5 CVE-2023-38950 vulnerability and understand how it works, refer to the following links, which include expert security researchers and articles on the subject:

1. CVE-2023-38950: Path traversal vulnerability in ZKTeco BioTime v8.5.5 – Part 1
2. CVE-2023-38950: Exploiting and Mitigating Path Traversal in ZKTeco BioTime – Part 2
3. Safeguarding Against CVE-2023-38950: Path Traversal in ZKTeco BioTime v8.5.5

Remediation Steps

To protect your ZKTeco BioTime v8.5.5 instance from the CVE-2023-38950 threat, follow these remediation steps:

1. Apply input filtering on user-submitted data (e.g., user_id) to prevent potential path traversal payloads. An example of this is a pre-defined list of allowed characters.

2. Implement a patch provided by ZKTeco, which addresses the path traversal vulnerability in the iclock API. Visit the official ZKTeco website for information on how to obtain the patch.

3. Regularly update and maintain your ZKTeco BioTime v8.5.5 instance to ensure that any newly discovered vulnerabilities are addressed promptly.

Conclusion

The CVE-2023-38950 path traversal vulnerability in ZKTeco BioTime v8.5.5 poses a significant security risk, allowing unauthenticated attackers to read arbitrary files via crafted payloads. By understanding the exploit details and applying the appropriate remediation steps, you can protect your system from this vulnerability. Refer to the provided original references for further information, and always stay vigilant in updating and maintaining your ZKTeco BioTime v8.5.5 instance.

Timeline

Published on: 08/03/2023 23:15:00 UTC
Last modified on: 08/08/2023 19:02:00 UTC