Vulnerabilities in popular biometric authentication devices; authentication possible with a crafted QR code
On June 11 (local time), Kaspersky Lab reported in "Analyzing the security properties of a ZKTeco biometric terminal | Securelist" that it had discovered multiple vulnerabilities in a biometric authentication device developed by China's ZkTeco. ZkTeco supplies biometric authentication devices on an OEM (Original Equipment Manufacturing) basis, and Kaspersky Lab explains that those devices are affected as well.
Analyzing the security properties of a ZKTeco biometric terminal | Securelist
○ Vulnerability information
Information on the discovered vulnerabilities is compiled on the following pages.
Advisories/K-ZkTeco-2023-001.md at master klsecservices/Advisories GitHub
Advisories/K-ZkTeco-2023-002.md at master klsecservices/Advisories GitHub
Advisories/K-ZkTeco-2023-003.md at master klsecservices/Advisories GitHub
Advisories/K-ZkTeco-2023-004.md at master klsecservices/Advisories GitHub
Advisories/K-ZkTeco-2023-005.md at master klsecservices/Advisories GitHub
Advisories/K-ZkTeco-2023-006.md at master klsecservices/Advisories GitHub
The discovered vulnerabilities (CVEs) are as follows.
CVE-2023-3938 - SQL injection vulnerability. An attacker can authenticate as an arbitrary user
CVE-2023-3939 - OS command injection vulnerability. An attacker can execute OS commands with administrator privileges
CVE-2023-3940 - Path traversal vulnerability. An attacker may be able to access arbitrary files on the system
CVE-2023-3941 - Path traversal vulnerability. An attacker can write to arbitrary files on the system with administrator privileges
CVE-2023-3942 - SQL injection vulnerability. An attacker may be able to impersonate other users or perform unauthorized actions
CVE-2023-3943 - Buffer overflow vulnerability. An attacker may be able to execute arbitrary code
○ Affected products
The products and firmware versions reported to contain the vulnerabilities are as follows.
ProFace X ZAM170-NF-1.8.25-7354-Ver1.0.0
Smartec ST-FR043 ZAM170-NF-1.8.25-7354-Ver1.0.0
Smartec ST-FR041ME ZAM170-NF-1.8.25-7354-Ver1.0.0
In addition to the products above, the vulnerabilities are believed to exist in OEM products built on similar hardware and firmware, and the exact scope of impact is said to be unknown.
○ Impact and countermeasures
By exploiting the discovered vulnerabilities, an unauthenticated third party may be able to authenticate as an arbitrary user. In fact, Kaspersky Lab has confirmed that authentication is possible using a QR code that contains SQL code.
Authenticating by holding up a QR code containing SQL code. Source: Kaspersky Lab
Vulnerabilities were also found in the network functionality, and an unauthenticated third party who can reach the device may be able to remotely execute arbitrary OS commands with administrator privileges. The most severe of these vulnerabilities is rated Critical, so caution is required.
Kaspersky Lab has reported the discovered vulnerabilities to the vendor, but the vendor has not published information about the vulnerabilities or about patches. Administrators operating the affected products and OEM products are advised to confirm the impact with the vendor and update the products as necessary.
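The QR-code authentication bypass described above is a case of decoded QR text reaching a SQL statement as code rather than data. The following is an added illustration, not code from Kaspersky Lab's report or from the device firmware; the table layout, token format and function names are hypothetical.

```python
import re
import sqlite3

# Hypothetical token format: the page does not describe the real QR payload.
QR_TOKEN_PATTERN = re.compile(r"[A-Za-z0-9]{1,32}")


def make_db():
    """Build an in-memory user table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, qr_token TEXT)")
    db.executemany(
        "INSERT INTO users (name, qr_token) VALUES (?, ?)",
        [("admin", "A1b2C3d4"), ("visitor", "Z9y8X7w6")],
    )
    return db


def lookup_vulnerable(db, qr_text):
    """Weak pattern: decoded QR text is concatenated into the statement."""
    query = "SELECT name FROM users WHERE qr_token = '" + qr_text + "'"
    row = db.execute(query).fetchone()
    return row[0] if row else None


def lookup_hardened(db, qr_text):
    """Allowlist the decoded text, then pass it as a bound parameter."""
    if not isinstance(qr_text, str) or not QR_TOKEN_PATTERN.fullmatch(qr_text):
        return None  # not a plain token: reject before touching the database
    row = db.execute(
        "SELECT name FROM users WHERE qr_token = ?", (qr_text,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed textbook test string
    for text in ("A1b2C3d4", "unknown", crafted):
        print(repr(text), lookup_vulnerable(db, text), lookup_hardened(db, text))
```

The concatenating lookup returns a user for the constructed string even though no such token is enrolled, while the hardened lookup rejects it and still accepts the enrolled token.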