CVE-2016-20025
ZKTeco · ZKAccess Professional
A legacy vulnerability in ZKTeco ZKAccess Professional 3 may allow for unauthorized access to physical security management systems.
Executive summary
ZKTeco ZKAccess Professional 3 is impacted by a critical vulnerability that could lead to unauthorized control of physical security systems.
Vulnerability
This is a late-disclosed vulnerability affecting the ZKAccess Professional 3 software suite. The flaw potentially allows unauthorized administrative access to the system, which would permit manipulation of access control lists or door management settings.
Business impact
The CVSS score of 8.8 reflects the high risk of this vulnerability, particularly in environments managing physical security. Unauthorized access could result in the compromise of facility security, enabling unauthorized entry or the disabling of security protocols, posing a severe threat to business operations and safety.
Remediation
Immediate Action: Identify all instances of ZKAccess Professional 3 and apply the latest vendor patches or firmware updates.
Proactive Monitoring: Monitor access control logs for signs of anomalous configuration changes or unauthorized login attempts.
Compensating Controls: Restrict management console access to an isolated, dedicated administrative network segment and enable multi-factor authentication where the product supports it.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical nature of physical security management software, this vulnerability must be addressed urgently. Administrators should verify the patch level of their ZKAccess installations and apply necessary updates to prevent potential physical security breaches.