Sensitive Information Disclosure in HikVision Camera Driver for XProtect
CVE-2024-12569

5.2MEDIUM

Key Information:

Vendor

Milestone Systems

Status
Xprotect Vms
Vendor
CVE Published:
19 December 2024

Badges

📰 News Worthy

What is CVE-2024-12569?

CVE-2024-12569 is a high-risk vulnerability that affects the HikVision camera drivers in the XProtect Device Pack. It allows unauthorized access to sensitive information stored in the log file, specifically camera credentials located in the Recording Server. Under certain conditions, an attacker can exploit this vulnerability to read the confidential details, which could lead to unauthorized surveillance access. It is crucial for users to evaluate their systems and apply necessary security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

XProtect VMS Windows 0 < 13.5a

News Articles

favicon imageCybersecurityNews

Hikvision Camera Driver Vulnerability Records Login details in Log files

A newly disclosed security vulnerability, tracked under CVE-2024-12569, has been identified in Hikvision camera drivers.

References

https://supportcommunity.milestonesys.com/KBRedir?art=000...

CVSS V4

Score:
5.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 📰

    First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved

JSON
.