CVE-2023-28808 (GCVE-0-2023-28808)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-07 19:35
Summary
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
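Severity
9.1 (Critical) — CVSS 3.1 base score from the CNA (hikvision), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. The NVD primary assessment included in the record below also rates availability impact HIGH (A:H), giving 9.8 (Critical).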
CWE
- CWE-284 - Improper Access Control
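Assigner
hikvision
References
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/ (vendor advisory)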
Impacted products
| Vendor | Product | Version |
|---|---|---|
| hikvision | DS-A71024/48/72R,DS-A80624S,DS-A81016S,DS-A72024/72R,DS-A80316S,DS-A82024D | Affected: V2.X, ≤ V2.3.8-8 (custom) |
| hikvision | DS-A71024/48R-CVS,DS-A72024/48R-CVS | Affected: V1.X, ≤ V1.1.4 (custom) |
Credits
Souvik Kandar, Arko Dhar
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T19:35:09.080119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T19:35:13.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-A71024/48/72R,DS-A80624S,DS-A81016S,DS-A72024/72R,DS-A80316S,DS-A82024D",
"vendor": "hikvision",
"versions": [
{
"lessThanOrEqual": "V2.3.8-8",
"status": "affected",
"version": "V2.X",
"versionType": "custom"
}
]
},
{
"product": "DS-A71024/48R-CVS,DS-A72024/48R-CVS",
"vendor": "hikvision",
"versions": [
{
"lessThanOrEqual": "V1.1.4 ",
"status": "affected",
"version": "V1.X",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Souvik Kandar, Arko Dhar"
}
],
"datePublic": "2023-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/content/dam/hikvision/en/support/notice/security-notification-23-4-10/Fixing-Security-Vulnerability-of-Hybrid-SAN-230407.zip"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28808",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2025-02-07T19:35:13.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a71024_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"293E1004-ED96-49D9-A137-3F0FF9D737E6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a71024:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87F8B1C7-B988-49CF-89D0-09017B4DCEBA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a71048_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"7F4543AF-5F7F-4288-B48D-7BA8090BFC0E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a71048:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B0871C6-9FE4-45DE-B2F6-65AD12D91FE2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a71072r_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"9239541E-45D6-4DDB-9ED5-78BCE8081DD8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a71072r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB9EDB1F-99FE-49BE-B41F-8F844FC3A974\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a80624s_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"A0F8168D-436F-4E27-B43A-360516B25567\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a80624s:-:*:*:*:*:*:*:*\", 
\"matchCriteriaId\": \"66E737EC-4796-465E-AD67-A267E81FB790\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a81016s_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"834FDC2D-9BE7-4FD9-BE47-534CC491412F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a81016s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DE0F6B8-F8E8-474E-BFF4-02687D7C0E55\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a72024_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"7E53CBF5-C3B7-432D-AE4D-E737BCCBDCD9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a72024:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E10B92A9-17C9-4529-B41A-89E49715BC30\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a72072r_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F5B78E7-C39C-4806-9A39-390E0185D427\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a72072r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BC39D52-7658-4082-AF6C-1FE5CD65B03B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a80316s_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"7B00C9DB-29C6-4998-95DE-7932AAF07F8C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a80316s:-:*:*:*:*:*:*:*\", 
\"matchCriteriaId\": \"78FAC011-76C8-4EAB-A8B7-89E5269CAA66\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a82024d_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"51774330-FFE5-4541-9758-F3E9375FC1BA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a82024d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA2216B1-E331-400F-A708-AA0E49B7C046\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a71024_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.4\", \"matchCriteriaId\": \"FCCEFC5B-58F0-427D-94E9-7EA73DB01FBF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a71024:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87F8B1C7-B988-49CF-89D0-09017B4DCEBA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a71048r-cvs_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.4\", \"matchCriteriaId\": \"2D93B293-5F58-4973-A6E1-09ECFE0E5765\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hikvision:ds-a71048r-cvs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A598604F-924B-4678-B70C-5C961FFB0F17\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hikvision:ds-a72072r_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.8-8\", \"matchCriteriaId\": \"5A107658-2606-4FE7-8DF0-32E8C820A281\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": 
\"cpe:2.3:h:hikvision:ds-a72072r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BC39D52-7658-4082-AF6C-1FE5CD65B03B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.\"}]",
"id": "CVE-2023-28808",
"lastModified": "2024-11-21T07:56:03.443",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"hsrc@hikvision.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-04-11T21:15:29.723",
"references": "[{\"url\": \"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/\", \"source\": \"hsrc@hikvision.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "hsrc@hikvision.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"hsrc@hikvision.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-28808\",\"sourceIdentifier\":\"hsrc@hikvision.com\",\"published\":\"2023-04-11T21:15:29.723\",\"lastModified\":\"2024-11-21T07:56:03.443\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"hsrc@hikvision.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"hsrc@hikvision.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a71024_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8
\",\"matchCriteriaId\":\"293E1004-ED96-49D9-A137-3F0FF9D737E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a71024:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87F8B1C7-B988-49CF-89D0-09017B4DCEBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a71048_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8\",\"matchCriteriaId\":\"7F4543AF-5F7F-4288-B48D-7BA8090BFC0E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a71048:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B0871C6-9FE4-45DE-B2F6-65AD12D91FE2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a71072r_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8\",\"matchCriteriaId\":\"9239541E-45D6-4DDB-9ED5-78BCE8081DD8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a71072r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB9EDB1F-99FE-49BE-B41F-8F844FC3A974\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a80624s_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8\",\"matchCriteriaId\":\"A0F8168D-436F-4E27-B43A-360516B25567\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a80624s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E737EC-4796-465E-AD67-A267E81FB790\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a81016s_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8\",\"matchCriteriaId\":\"834FDC2D-9BE7-4FD9-BE47-534CC491412F\"}]},{\"o
perator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a81016s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DE0F6B8-F8E8-474E-BFF4-02687D7C0E55\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a72024_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8\",\"matchCriteriaId\":\"7E53CBF5-C3B7-432D-AE4D-E737BCCBDCD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a72024:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E10B92A9-17C9-4529-B41A-89E49715BC30\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a72072r_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F5B78E7-C39C-4806-9A39-390E0185D427\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a72072r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BC39D52-7658-4082-AF6C-1FE5CD65B03B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a80316s_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8\",\"matchCriteriaId\":\"7B00C9DB-29C6-4998-95DE-7932AAF07F8C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a80316s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78FAC011-76C8-4EAB-A8B7-89E5269CAA66\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a82024d_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8\",\"matchCriteriaId\":\"51774330-FFE5-4541-9758-F3E9375FC1BA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:d
s-a82024d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA2216B1-E331-400F-A708-AA0E49B7C046\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a71024_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.4\",\"matchCriteriaId\":\"FCCEFC5B-58F0-427D-94E9-7EA73DB01FBF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a71024:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87F8B1C7-B988-49CF-89D0-09017B4DCEBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a71048r-cvs_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.4\",\"matchCriteriaId\":\"2D93B293-5F58-4973-A6E1-09ECFE0E5765\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a71048r-cvs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A598604F-924B-4678-B70C-5C961FFB0F17\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-a72072r_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.8-8\",\"matchCriteriaId\":\"5A107658-2606-4FE7-8DF0-32E8C820A281\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-a72072r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BC39D52-7658-4082-AF6C-1FE5CD65B03B\"}]}]}],\"references\":[{\"url\":\"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/\",\"source\":\"hsrc@hikvision.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor 
Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T13:51:38.489Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28808\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T19:35:09.080119Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T19:34:58.089Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Souvik Kandar, Arko Dhar\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"hikvision\", \"product\": \"DS-A71024/48/72R,DS-A80624S,DS-A81016S,DS-A72024/72R,DS-A80316S,DS-A82024D\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.X\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"V2.3.8-8\"}]}, {\"vendor\": \"hikvision\", \"product\": \"DS-A71024/48R-CVS,DS-A72024/48R-CVS\", \"versions\": [{\"status\": \"affected\", \"version\": \"V1.X\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"V1.1.4 \"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": 
\"https://www.hikvision.com/content/dam/hikvision/en/support/notice/security-notification-23-4-10/Fixing-Security-Vulnerability-of-Hybrid-SAN-230407.zip\"}], \"datePublic\": \"2023-04-11T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"da451dce-859b-4e51-8b87-9c8b60d19b32\", \"shortName\": \"hikvision\", \"dateUpdated\": \"2023-04-11T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-28808\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T19:35:13.163Z\", \"dateReserved\": \"2023-03-23T00:00:00.000Z\", \"assignerOrgId\": \"da451dce-859b-4e51-8b87-9c8b60d19b32\", \"datePublished\": \"2023-04-11T00:00:00.000Z\", \"assignerShortName\": \"hikvision\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.