Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024.
The vulnerability classified as CWE-305 (Authentication Bypass by Primary Weakness) indicates a fundamental weakness in the device's primary authentication mechanism. A remote attacker, over the network, without needing to possess any authentication credentials, can bypass the identity verification process. The vulnerability affects all versions of UFace 5 software up to and including version 12022024.
Successful exploitation of this vulnerability allows an attacker to gain unauthorized access to the biometric device, which may result in violations of confidentiality, integrity, and availability of the system — including potential manipulation of biometric data or control of physical access.
Apply patches available from the manufacturer according to the references. It is recommended to monitor security messages published by USOM (TR-24-0173) and isolate UFace 5 devices from the public network until updates are applied.
ZKSoftware Biometric Security Solutions UFace 5 — all software versions up to and including 12022024.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZksoftware Uface 5
APPZksoftware≤ 12022024