Attacker Could Access Restricted Resources via Parameter Manipulation
CVE-2024-25064

4.3MEDIUM

Key Information:

Vendor: Hikvision
Status: Hikcentral Professional
Vendor: CVE Published:; 2 March 2024

What is CVE-2024-25064?

Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values.

Affected Version(s)

HikCentral Professional Versions after V2.0.0 and before V2.5.1

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2024
Vulnerability Reserved
Feb 4, 2024

Credit

Abdulazeez Omar