Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
24 Apr 2023, 13:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:hikvision:ds-a71024_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71072r:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72072r_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71048r-cvs_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a81016s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71024:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a80624s:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a72072r:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a72024:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72024_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a82024d:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a80316s:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a82024d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a80316s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71048r-cvs:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a80624s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a81016s:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71048:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71048_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | NVD-CWE-noinfo | |
First Time |
Hikvision ds-a82024d Firmware
Hikvision ds-a80316s Firmware Hikvision ds-a81016s Hikvision ds-a72024 Hikvision ds-a81016s Firmware Hikvision ds-a71024 Firmware Hikvision ds-a71048r-cvs Hikvision ds-a71072r Firmware Hikvision ds-a71072r Hikvision ds-a72072r Hikvision ds-a71048r-cvs Firmware Hikvision ds-a80624s Firmware Hikvision ds-a72072r Firmware Hikvision ds-a71048 Firmware Hikvision ds-a82024d Hikvision ds-a72024 Firmware Hikvision ds-a80624s Hikvision ds-a71024 Hikvision ds-a71048 Hikvision Hikvision ds-a80316s |
|
References | (MISC) https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/ - Vendor Advisory |
11 Apr 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-11 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28808
Mitre link : CVE-2023-28808
CVE.ORG link : CVE-2023-28808
JSON object : View
Products Affected
hikvision
- ds-a71048r-cvs
- ds-a71048_firmware
- ds-a71024_firmware
- ds-a71072r
- ds-a80316s_firmware
- ds-a72024_firmware
- ds-a81016s
- ds-a82024d
- ds-a71048
- ds-a72072r_firmware
- ds-a80316s
- ds-a80624s_firmware
- ds-a71048r-cvs_firmware
- ds-a81016s_firmware
- ds-a72024
- ds-a71024
- ds-a80624s
- ds-a72072r
- ds-a82024d_firmware
- ds-a71072r_firmware
CWE