Vulnerabilities > CVE-2020-17473 - Insufficient Session Expiration vulnerability in Zkteco Facedepot 7B Firmware and Zkbiosecurity Server

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

zkteco

CWE-613

NVD

Published: 2020-08-14

Updated: 2020-08-21

Summary

Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.

Vulnerable Configurations

Part	Description	Count
Application	Zkteco Zkteco Zkbiosecurity Server 1.0.0_20190723	1
OS	Zkteco Zkteco Facedepot 7B Firmware 1.0.213	1
Hardware	Zkteco Zkteco Facedepot 7B -	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/8131/zkteco-facedepot-7b-10213-and-zkbiosecurity-server-10020190723-long-lasting-token-vulnerability