Lucene search

[email protected]NVD:CVE-2023-28808

HistoryApr 11, 2023 - 9:15 p.m.

CVE-2023-28808

2023-04-1121:15:29

CWE-284

[email protected]

web.nvd.nist.gov

hikvision

access control

san/cluster

admin permission

vulnerability

crafted messages

affected devices

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

Affected configurations

NVD

Node

hikvisionds-a71024Match-

AND

hikvisionds-a71024_firmwareRange≤2.3.8-8

Node

hikvisionds-a71048Match-

AND

hikvisionds-a71048_firmwareRange≤2.3.8-8

Node

hikvisionds-a71072rMatch-

AND

hikvisionds-a71072r_firmwareRange≤2.3.8-8

Node

hikvisionds-a80624sMatch-

AND

hikvisionds-a80624s_firmwareRange≤2.3.8-8

Node

hikvisionds-a81016sMatch-

AND

hikvisionds-a81016s_firmwareRange≤2.3.8-8

Node

hikvisionds-a72024Match-

AND

hikvisionds-a72024_firmwareRange≤2.3.8-8

Node

hikvisionds-a72072rMatch-

AND

hikvisionds-a72072r_firmwareMatch-

Node

hikvisionds-a80316s_firmwareRange≤2.3.8-8

AND

hikvisionds-a80316sMatch-

Node

hikvisionds-a82024d_firmwareRange≤2.3.8-8

AND

hikvisionds-a82024dMatch-

Node

hikvisionds-a71024_firmwareRange≤1.1.4

AND

hikvisionds-a71024Match-

Node

hikvisionds-a71048r-cvs_firmwareRange≤1.1.4

AND

hikvisionds-a71048r-cvsMatch-

Node

hikvisionds-a72072r_firmwareRange≤2.3.8-8

AND

hikvisionds-a72072rMatch-

References

www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.4%

JSON

Related for NVD:CVE-2023-28808

prion1 cvelist1 cve1