CVE-2023-3943 Vulnerability Details


CVE-2023-3943 Metadata Quick Info

CVE Published: 21/05/2024 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Kaspersky | Vendor: ZkTeco | Product: ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0
Status: PUBLISHED

CVE-2023-3943 Description

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.

Metrics

CVSS Version: 3.1 | Base Score: 10 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): CHANGED

Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-121
CWE Name: CWE-121: Stack-based Buffer Overflow
Source: ZkTeco

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-100
CAPEC Description: CAPEC-100: Overflow Buffers