github - ghsa-75h5-6rfc-gv4f

ghsa-75h5-6rfc-gv4f

Vulnerability from github

Published

2023-06-16 00:30

Modified

2024-04-04 04:53

Severity ?

4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-28810"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-15T22:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.",
  "id": "GHSA-75h5-6rfc-gv4f",
  "modified": "2024-04-04T04:53:31Z",
  "published": "2023-06-16T00:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28810"
    },
    {
      "type": "WEB",
      "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-28810

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2024-08-02 13:51

Severity ?

4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

References

▼	URL	Tags
	https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/

Impacted products

▼	Vendor	Product
	hikvision	DS-K1T804AXX
	hikvision	DS-K1T341AXX
	hikvision	DS-K1T671XXX
	hikvision	DS-K1T343XXX
	hikvision	DS-K1T341C
	hikvision	DS-K1T320XXX
	hikvision	DS-KH63 Series,DS-KH85 Series
	hikvision	DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:51:38.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DS-K1T804AXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V1.4.0_build221212",
              "status": "affected",
              "version": "V1.4.0_build221212",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T341AXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.2.30_build221223",
              "status": "affected",
              "version": "V3.2.30_build221223",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T671XXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.2.30_build221223",
              "status": "affected",
              "version": "V3.2.30_build221223",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T343XXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.14.0_build230117",
              "status": "affected",
              "version": "V3.14.0_build230117",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T341C",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.3.8_build230112",
              "status": "affected",
              "version": "V3.3.8_build230112",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T320XXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.5.0_build220706",
              "status": "affected",
              "version": "V3.5.0_build220706",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-KH63 Series,DS-KH85 Series",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V2.2.8_build230219",
              "status": "affected",
              "version": "V2.2.8_build230219",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V2.1.76_build230204 ",
              "status": "affected",
              "version": "V2.1.76_build230204 ",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Peter Szot"
        }
      ],
      "datePublic": "2023-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00",
        "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "shortName": "hikvision"
      },
      "references": [
        {
          "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "https://www.hikvision.com/en/support/download/firmware/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
    "assignerShortName": "hikvision",
    "cveId": "CVE-2023-28810",
    "datePublished": "2023-06-15T00:00:00",
    "dateReserved": "2023-03-23T00:00:00",
    "dateUpdated": "2024-08-02T13:51:38.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted