CVE-2023-38952
ZKTeco BioTime <9.0.1 - Privilege Escalation
Tags: HIGH | EXPLOITED | NUCLEI
Title source: llm
Exploitation Summary
CVE-2023-38952 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced and any authenticated user can leverage admin functions without restriction by making direct requests to administrative endpoints.
Nuclei Templates (1)
ZKTeco BioTime <= 9.0.1 - Privilege Escalation
HIGH | VERIFIED | by riteshs4hu
Shodan:
http.html:"ZKTeco Security"
FOFA:
body="ZKTeco Security"
References (5)
Core References (5 listed; 4 recovered below)
- Various Sources: https://krashconsulting.com/fury-of-fingers-biotime-rce/
- Various Sources: https://sploitus.com/exploit?id=PACKETSTORM:177859
- Product: http://zkteco.com
- Third Party Advisory: https://claroty.com/team82/disclosure-dashboard/cve-2023-38952
Scores
CVSS v3: 7.5
EPSS: 0.0244
EPSS Percentile: 82.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
VulnCheck KEV: 2025-05-02
CWE: CWE-552
Status: published
Products (1)
- zkteco/biotime 8.5.5
Published: Aug 03, 2023
Tracked Since: Feb 18, 2026