Description

A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.

Related CPE's

a

supremainc

biostar_2

2.8.16

Vulnerable

References

https://nobugescapes.com/blog/privilege-escalation-from-user-operator-to-system-administrator/

ExploitThird Party Advisory

https://nobugescapes.com/wp-content/uploads/2022/08/Part1.docx

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-269

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-09-19T21:15:09.627

2 years ago

Last modified

2022-09-21T18:13:30.060

2 years ago