Access Control Flaw in Hikvision Hybrid SAN/Cluster Storage
CVE-2023-28808

9.1CRITICAL

Key Information:

Vendor

Hikvision

Status
Ds-a71024/48/72r,ds-a80624s,ds-a81016s,ds-a72024/72r,ds-a80316s,ds-a82024d
Ds-a71024/48r-cvs,ds-a72024/48r-cvs
Vendor
CVE Published:
11 April 2023

What is CVE-2023-28808?

Certain models of Hikvision Hybrid SAN/Cluster Storage devices are affected by an access control vulnerability. This flaw allows unauthorized users to gain administrative permissions by sending specially crafted messages to these devices. This could lead to potential unauthorized access and manipulation of sensitive data stored on the affected systems. It is crucial for users to remain vigilant and apply necessary security patches to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DS-A71024/48/72R,DS-A80624S,DS-A81016S,DS-A72024/72R,DS-A80316S,DS-A82024D V2.X

DS-A71024/48R-CVS,DS-A72024/48R-CVS V1.X

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Souvik Kandar, Arko Dhar
JSON
.