Known Exploited Vulnerabilities CVE-2023-38950

ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files by supplying a crafted payload.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-38950 | ZKTeco BioTime Path Traversal Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |
| CVE-2023-38950 | ZKTeco BioTime Path Traversal Vulnerability | primary_impact | T1005 | Data from Local System | |

Comments (exploitation_technique, T1190): This directory traversal vulnerability, if exploited using a malicious payload in an HTTP GET request, allows an unauthenticated attacker to access and read arbitrary files, leading to potential exfiltration/disclosure.

Comments (primary_impact, T1005): This directory traversal vulnerability, if exploited using a malicious payload in an HTTP GET request, allows an unauthenticated attacker to access and read arbitrary files, leading to potential exfiltration/disclosure.