Description
A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.
References
https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator/
ExploitThird Party Advisory
https://nobugescapes.com/wp-content/uploads/2022/08/Part1.docx
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-09-19T21:15:09.627
2 years agoLast modified
2022-09-21T18:13:30.060
2 years ago