Multiple vulnerabilities in Hikvision Access Control and Intercom Products



Published: 2023-10-13
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-28809
CVE-2023-28810
CWE-ID CWE-384
CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		DS-K1T804AEF
Hardware solutions / Security hardware applicances

DS-K1T804AF
Hardware solutions / Security hardware applicances

DS-K1T804AMF
Hardware solutions / Security hardware applicances

DS-K1T341AM
Hardware solutions / Security hardware applicances

DS-K1T341AMF
Hardware solutions / Security hardware applicances

DS-K1T671M
Hardware solutions / Security hardware applicances

DS-K1T671MF
Hardware solutions / Security hardware applicances

DS-K1T671TM-3XF
Hardware solutions / Security hardware applicances

DS-K1T671TMFW
Hardware solutions / Security hardware applicances

DS-K1T671TMW
Hardware solutions / Security hardware applicances

DS-K1T343EFWX
Hardware solutions / Security hardware applicances

DS-K1T343EFX
Hardware solutions / Security hardware applicances

DS-K1T343EWX
Hardware solutions / Security hardware applicances

DS-K1T343EX
Hardware solutions / Security hardware applicances

DS-K1T343MFWX
Hardware solutions / Security hardware applicances

DS-K1T343MFX
Hardware solutions / Security hardware applicances

DS-K1T343MWX
Hardware solutions / Security hardware applicances

DS-K1T343MX
Hardware solutions / Security hardware applicances

DS-K1T341C
Hardware solutions / Security hardware applicances

DS-K1T320EFWX
Hardware solutions / Security hardware applicances

DS-K1T320EFX
Hardware solutions / Security hardware applicances

DS-K1T320EWX
Hardware solutions / Security hardware applicances

DS-K1T320EX
Hardware solutions / Security hardware applicances

DS-K1T320MFWX
Hardware solutions / Security hardware applicances

DS-K1T320MFX
Hardware solutions / Security hardware applicances

DS-K1T320MWX
Hardware solutions / Security hardware applicances

DS-K1T320MX
Hardware solutions / Security hardware applicances

DS-KH63 Series
Hardware solutions / Security hardware applicances

DS-KH85 Series
Hardware solutions / Security hardware applicances

DS-KH62 Series
Hardware solutions / Security hardware applicances

DS-KH9310-WTE1(B)
Hardware solutions / Security hardware applicances

DS-KH9510-WTE1(B)
Hardware solutions / Security hardware applicances

Vendor Hikvision

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Session Fixation

EUVDB-ID: #VU81990

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28809

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected device does not update the session ID after a user successfully logs in. A remote attacker can forge the IP and session ID of an authenticated user and gain device operation permissions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DS-K1T804AEF: 1.4.0 221212

DS-K1T804AF: 1.4.0 221212

DS-K1T804AMF: 1.4.0 221212

DS-K1T341AM: 3.2.30 221223

DS-K1T341AMF: 3.2.30 221223

DS-K1T671M: 3.2.30 221223

DS-K1T671MF: 3.2.30 221223

DS-K1T671TM-3XF: 3.2.30 221223

DS-K1T671TMFW: 3.2.30 221223

DS-K1T671TMW: 3.2.30 221223

DS-K1T343EFWX: 3.14.0 230117

DS-K1T343EFX: 3.14.0 230117

DS-K1T343EWX: 3.14.0 230117

DS-K1T343EX: 3.14.0 230117

DS-K1T343MFWX: 3.14.0 230117

DS-K1T343MFX: 3.14.0 230117

DS-K1T343MWX: 3.14.0 230117

DS-K1T343MX: 3.14.0 230117

DS-K1T341C: 3.3.8 230112

DS-K1T320EFWX: 3.5.0 220706

DS-K1T320EFX: 3.5.0 220706

DS-K1T320EWX: 3.5.0 220706

DS-K1T320EX: 3.5.0 220706

DS-K1T320MFWX: 3.5.0 220706

DS-K1T320MFX: 3.5.0 220706

DS-K1T320MWX: 3.5.0 220706

DS-K1T320MX: 3.5.0 220706

External links

http://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/
http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html
http://www.cisa.gov/news-events/ics-advisories/icsa-23-285-14


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU81992

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28810

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker on the local network can send specially crafted data packets to the vulnerable interface and modify device network configuration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DS-K1T804AEF: 1.4.0 221212

DS-K1T804AF: 1.4.0 221212

DS-K1T804AMF: 1.4.0 221212

DS-K1T341AM: 3.2.30 221223

DS-K1T341AMF: 3.2.30 221223

DS-K1T671M: 3.2.30 221223

DS-K1T671MF: 3.2.30 221223

DS-K1T671TM-3XF: 3.2.30 221223

DS-K1T671TMFW: 3.2.30 221223

DS-K1T671TMW: 3.2.30 221223

DS-K1T343EFWX: 3.14.0 230117

DS-K1T343EFX: 3.14.0 230117

DS-K1T343EWX: 3.14.0 230117

DS-K1T343EX: 3.14.0 230117

DS-K1T343MFWX: 3.14.0 230117

DS-K1T343MFX: 3.14.0 230117

DS-K1T343MWX: 3.14.0 230117

DS-K1T343MX: 3.14.0 230117

DS-K1T341C: 3.3.8 230112

DS-K1T320EFWX: 3.5.0 220706

DS-K1T320EFX: 3.5.0 220706

DS-K1T320EWX: 3.5.0 220706

DS-K1T320EX: 3.5.0 220706

DS-K1T320MFWX: 3.5.0 220706

DS-K1T320MFX: 3.5.0 220706

DS-K1T320MWX: 3.5.0 220706

DS-K1T320MX: 3.5.0 220706

DS-KH63 Series: 2.2.8 230219

DS-KH85 Series: 2.2.8 230219

DS-KH62 Series: 1.4.62 220414

DS-KH9310-WTE1(B): 2.1.76 230204

DS-KH9510-WTE1(B): 2.1.76 230204

External links

http://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/
http://www.cisa.gov/news-events/ics-advisories/icsa-23-285-14


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###