CVE-2024-1706

Name: CVE-2024-1706
Creator: NVD / NIST
Published: 2024-02-21T18:15:51.057+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 2/10EPSS 0.43%

Last modified Jun 17, 2026

CVE-2024-1706 is a low-severity vulnerability rated 2/10 on the CVSS scale. A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input <marquee>hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: "ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess." This vulnerability only affects products that are no longer supported by the maintainer.

Metrics

CVSS 3.1

5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS 4.0

2/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.43%

34.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Zkteco	Zkbio Access Ivs	<= 3.3.2

References

https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txtThird Party Advisory
https://vuldb.com/?ctiid.254396Permissions Required
https://vuldb.com/?id.254396Third Party Advisory
https://vuldb.com/?submit.280083
https://vuldb.com/?submit.280084
https://www.zkteco.com/en/Security_Bulletinsibs/21
https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txtThird Party Advisory
https://vuldb.com/?ctiid.254396Permissions Required
https://vuldb.com/?id.254396Third Party Advisory

Timeline

Published: Feb 21, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-1706?

How severe is CVE-2024-1706?

CVE-2024-1706 has a CVSS score of 2/10 (LOW severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.

How do I fix CVE-2024-1706?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-1706?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST