Lucene search

[email protected]CVE-2023-28808

HistoryApr 11, 2023 - 9:15 p.m.

CVE-2023-28808

2023-04-1121:15:29

CWE-284

[email protected]

web.nvd.nist.gov

227

hikvision

hybrid

san

cluster storage

access control

vulnerability

admin permission

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.5%

JSON

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

Affected configurations

NVD

Node

hikvisionds-a71024Match-

AND

hikvisionds-a71024_firmwareRange≤2.3.8-8

Node

hikvisionds-a71048Match-

AND

hikvisionds-a71048_firmwareRange≤2.3.8-8

Node

hikvisionds-a71072rMatch-

AND

hikvisionds-a71072r_firmwareRange≤2.3.8-8

Node

hikvisionds-a80624sMatch-

AND

hikvisionds-a80624s_firmwareRange≤2.3.8-8

Node

hikvisionds-a81016sMatch-

AND

hikvisionds-a81016s_firmwareRange≤2.3.8-8

Node

hikvisionds-a72024Match-

AND

hikvisionds-a72024_firmwareRange≤2.3.8-8

Node

hikvisionds-a72072rMatch-

AND

hikvisionds-a72072r_firmwareMatch-

Node

hikvisionds-a80316s_firmwareRange≤2.3.8-8

AND

hikvisionds-a80316sMatch-

Node

hikvisionds-a82024d_firmwareRange≤2.3.8-8

AND

hikvisionds-a82024dMatch-

Node

hikvisionds-a71024_firmwareRange≤1.1.4

AND

hikvisionds-a71024Match-

Node

hikvisionds-a71048r-cvs_firmwareRange≤1.1.4

AND

hikvisionds-a71048r-cvsMatch-

Node

hikvisionds-a72072r_firmwareRange≤2.3.8-8

AND

hikvisionds-a72072rMatch-

CPENameOperatorVersion
hikvision:ds-a71024_firmwarehikvision ds-a71024 firmwarele2.3.8-8

CPE	Name	Operator	Version
hikvision:ds-a71024_firmware	hikvision ds-a71024 firmware	le	2.3.8-8

CNA Affected

[
  {
    "vendor": "hikvision",
    "product": "DS-A71024/48/72R,DS-A80624S,DS-A81016S,DS-A72024/72R,DS-A80316S,DS-A82024D",
    "versions": [
      {
        "version": "V2.X",
        "status": "affected",
        "lessThanOrEqual": "V2.3.8-8",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-A71024/48R-CVS,DS-A72024/48R-CVS",
    "versions": [
      {
        "version": "V1.X",
        "status": "affected",
        "lessThanOrEqual": "V1.1.4 ",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.5%

JSON

Related for CVE-2023-28808

prion1 cvelist1 nvd1