cve-2023-28809
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andres Hinnosaar"
}
],
"datePublic": "2023-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:06:26.704372",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
},
{
"url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28809",
"datePublished": "2023-06-15T00:00:00",
"dateReserved": "2023-03-23T00:00:00",
"dateUpdated": "2024-08-02T13:51:38.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-28809\",\"sourceIdentifier\":\"hsrc@hikvision.com\",\"published\":\"2023-06-15T19:15:10.537\",\"lastModified\":\"2023-09-05T17:15:08.280\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"hsrc@hikvision.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]},{\"source\":\"hsrc@hikvision.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t320efwx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7140EB24-E7B5-4F86-9A5C-0D88D1DA90C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t320efwx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB2BA1B-B272-4B4E-BB2C-3EE2D267CA81\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t320efx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21D67B36-A2A7-42E2-A7FB-6BBF3A973E37\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t320efx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCAA72A5-4E87-4ADD-B9BC-1A873A861938\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t320ewx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4694AEF-26C6-4B03-BCCB-3683CF788085\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t320ewx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"679EECBE-B875-4D58-98CE-335E9EAF8B25\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t320ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4C45E6F-34DD-4B08-A87F-D9E7D9775ED1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t320ex_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A885F112-F486-4293-A1A7-B69FEB8F1E4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t320mfwx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC9B3F47-00F9-4C77-AFAF-25D6154E4C15\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t320mfwx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0711E27-DE19-4639-BF8E-A48FC5A5472D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t320mfx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C842855-FD06-412E-9B88-EDC8B419E87F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t320mfx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5EB0FE7-3884-4088-A0E2-CF04A5D8C6C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t320mwx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"541C2F9D-E8D1-4928-B3DE-902B51B33A56\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t320mwx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35741C9C-4CE7-4196-988F-C623FFD98279\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t320mx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39668BE9-C9D5-4747-A7EA-EC3C9ADC64B0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t320mx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF3ED7E-3041-4F50-8265-A9F75BC6FC52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t341am_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85524CE8-644F-4E8B-B61F-EBD4188F356B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t341am:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F12C75F-FEA4-478D-968A-9B864C49CBFE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t341amf_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19543853-5D0A-437A-8CDF-236D862D7F9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t341amf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E8A304-F67E-4C0E-995B-719E9AFD2791\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t341cm_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A853DC4-2BE1-4709-BCCA-AE0420DC8414\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t341cm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"624D45FC-FC44-4A02-AE3F-23AD132290B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t343ewx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F8B098D-7B32-42A3-ABA0-6148AF132750\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t343ewx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D98F2425-FCB9-40DE-BCE0-3CA9BA6067BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t343ex_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644FF6D6-CD32-44D1-A629-6FE0FC2F2025\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t343ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4EB3496-4191-4092-961C-5F68D7A99EF6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t343mwx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"140AD49A-F965-493A-8EA6-7F10EDD049E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t343mwx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7416B8F5-2918-4418-8A5C-860C5A236BCA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t343mx_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D9CF5F7-31FD-4247-A05F-2425B00F551F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t343mx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D4D8C07-AB2F-4E97-B3E9-C97EFAD3F017\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CE328C4-08C2-436B-A95E-E03A0D96662F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B322AE4-4BE3-46EE-BFFD-730274270D52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0D6A71-EA45-4A29-A98F-3B7F46AFCED6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4902A1D4-7DF1-4718-BF06-DD6E7EE43E8E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671mf_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB663C89-06C3-49F9-8316-A9F3883A8488\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671mf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFBF47B3-0575-47C7-81E6-43E52411EA4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671t_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55E53965-E177-44B0-AB95-80323745741D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ABB7E6B-3B39-4D18-A900-FB9818087085\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671tm_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A95CBFF1-3E92-4080-9B57-185EFEB3D6A2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671tm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"050D18D3-868E-47DE-8ACF-55C0278F36DD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671tm-3xf_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D62D9A96-8A4A-488B-87CB-4A88531F483B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671tm-3xf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7844556-1139-4E47-83BF-74E245AB64DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671tmf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F9D7580-7608-466A-9EC2-49891138C31C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671tmf_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8680383B-7404-4C52-878B-4017C5505298\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671tmfw_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E59B90D-F25D-4A59-A0EA-17ED42C99500\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671tmfw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FAC44FD-D7D4-4499-BD3C-6FA15D0C058F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t671tmw_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B3FC30B-562F-432F-B804-62362E5E2F6F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t671tmw:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE3C9724-1422-45A2-BFA4-D0132D090CCD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t804af_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A641FCD-EB20-4B0E-A536-AD29ABA9FF6D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t804af:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF2888DD-2FBC-453F-ADED-2134D526EB7A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hikvision:ds-k1t804amf_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C3FB28-D6FE-4455-A71C-C8BD082D092B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hikvision:ds-k1t804amf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F0BEA6-D675-4B8D-AEE3-44A63C7107D5\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html\",\"source\":\"hsrc@hikvision.com\"},{\"url\":\"https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/\",\"source\":\"hsrc@hikvision.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.