CVE-2017-7923
CVSS base score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.
Affected (58)
Products: Hikvision: Ds 2cd2032 I Firmware, Ds 2cd2112 I Firmware, Ds 2cd2132 I Firmware, Ds 2cd2212 I5 Firmware, Ds 2cd2232 I5 Firmware, Ds 2cd2312 I Firmware, Ds 2cd2332 I Firmware, Ds 2cd2412f I(w) Firmware, Ds 2cd2432f I(w) Firmware, Ds 2cd2512f I(s) Firmware, Ds 2cd2532f I(s) Firmware, Ds 2cd2612f I(s) Firmware, Ds 2cd2632f I(s) Firmware, Ds 2cd2712f I(s) Firmware, Ds 2cd2732f I(s) Firmware, Ds 2cd2t32 I3 Firmware, Ds 2cd2t32 I5 Firmware, Ds 2cd2t32 I8 Firmware, Ds 2cd4012f (a) Firmware, Ds 2cd4012f (p) Firmware, Ds 2cd4012f (w) Firmware, Ds 2cd4012fwd (a) Firmware, Ds 2cd4012fwd (p) Firmware, Ds 2cd4012fwd (w) Firmware, Ds 2cd4024f (a) Firmware, Ds 2cd4024f (p) Firmware, Ds 2cd4024f (w) Firmware, Ds 2cd4032fwd (a) Firmware, Ds 2cd4032fwd (p) Firmware, Ds 2cd4032fwd (w) Firmware, Ds 2cd4112f I(z) Firmware, Ds 2cd4112fwd I(z) Firmware, Ds 2cd4124f I(z) Firmware, Ds 2cd4132fwd I(z) Firmware, Ds 2cd4212f I(h) Firmware, Ds 2cd4212f I(s) Firmware, Ds 2cd4212f I(z) Firmware, Ds 2cd4212fwd I(h) Firmware, Ds 2cd4212fwd I(s) Firmware, Ds 2cd4212fwd I(z) Firmware, Ds 2cd4224f I(h) Firmware, Ds 2cd4224f I(s) Firmware, Ds 2cd4224f I(z) Firmware, Ds 2cd4232fwd I(h) Firmware, Ds 2cd4232fwd I(s) Firmware, Ds 2cd4232fwd I(z) Firmware, Ds 2cd4312f I(h) Firmware, Ds 2cd4312f I(s) Firmware, Ds 2cd4312f I(z) Firmware, Ds 2cd4324f I(h) Firmware, Ds 2cd4324f I(s) Firmware, Ds 2cd4324f I(z) Firmware, Ds 2cd4332fwd I(h) Firmware, Ds 2cd4332fwd I(s) Firmware, Ds 2cd4332fwd I(z) Firmware, Ds 2cd6412fwd Firmware, Ds 2dfx Series Firmware, Ds 2cd63xx Series Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |

| Running on/with | Platform Versions |
|---|---|
| Hikvision Ds 2cd2032 I | All versions |
| Hikvision Ds 2cd2112 I | All versions |
| Hikvision Ds 2cd2132 I | All versions |
| Hikvision Ds 2cd2212 I5 | All versions |
| Hikvision Ds 2cd2232 I5 | All versions |
| Hikvision Ds 2cd2312 I | All versions |
| Hikvision Ds 2cd2332 I | All versions |
| Hikvision Ds 2cd2412f I(w) | All versions |
| Hikvision Ds 2cd2432f I(w) | All versions |
| Hikvision Ds 2cd2512f I(s) | All versions |
| Hikvision Ds 2cd2532f I(s) | All versions |
| Hikvision Ds 2cd2612f I(s) | All versions |
| Hikvision Ds 2cd2632f I(s) | All versions |
| Hikvision Ds 2cd2712f I(s) | All versions |
| Hikvision Ds 2cd2732f I(s) | All versions |
| Hikvision Ds 2cd2t32 I3 | All versions |
| Hikvision Ds 2cd2t32 I5 | All versions |
| Hikvision Ds 2cd2t32 I8 | All versions |
| Hikvision Ds 2cd4012f (a) | All versions |
| Hikvision Ds 2cd4012f (p) | All versions |
| Hikvision Ds 2cd4012f (w) | All versions |
| Hikvision Ds 2cd4012fwd (a) | All versions |
| Hikvision Ds 2cd4012fwd (p) | All versions |
| Hikvision Ds 2cd4012fwd (w) | All versions |
| Hikvision Ds 2cd4024f (a) | All versions |
| Hikvision Ds 2cd4024f (p) | All versions |
| Hikvision Ds 2cd4024f (w) | All versions |
| Hikvision Ds 2cd4032fwd (a) | All versions |
| Hikvision Ds 2cd4032fwd (p) | All versions |
| Hikvision Ds 2cd4032fwd (w) | All versions |
| Hikvision Ds 2cd4112f I(z) | All versions |
| Hikvision Ds 2cd4112fwd I(z) | All versions |
| Hikvision Ds 2cd4124f I(z) | All versions |
| Hikvision Ds 2cd4132fwd I(z) | All versions |
| Hikvision Ds 2cd4212f I(h) | All versions |
| Hikvision Ds 2cd4212f I(s) | All versions |
| Hikvision Ds 2cd4212f I(z) | All versions |
| Hikvision Ds 2cd4212fwd I(h) | All versions |
| Hikvision Ds 2cd4212fwd I(s) | All versions |
| Hikvision Ds 2cd4212fwd I(z) | All versions |
| Hikvision Ds 2cd4224f I(h) | All versions |
| Hikvision Ds 2cd4224f I(s) | All versions |
| Hikvision Ds 2cd4224f I(z) | All versions |
| Hikvision Ds 2cd4232fwd I(h) | All versions |
| Hikvision Ds 2cd4232fwd I(s) | All versions |
| Hikvision Ds 2cd4232fwd I(z) | All versions |
| Hikvision Ds 2cd4312f I(h) | All versions |
| Hikvision Ds 2cd4312f I(s) | All versions |
| Hikvision Ds 2cd4312f I(z) | All versions |
| Hikvision Ds 2cd4324f I(h) | All versions |
| Hikvision Ds 2cd4324f I(s) | All versions |
| Hikvision Ds 2cd4324f I(z) | All versions |
| Hikvision Ds 2cd4332fwd I(h) | All versions |
| Hikvision Ds 2cd4332fwd I(s) | All versions |
| Hikvision Ds 2cd4332fwd I(z) | All versions |
| Hikvision Ds 2cd6412fwd | All versions |

Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |

| Running on/with | Platform Versions |
|---|---|
| Hikvision Ds 2dfx Series | All versions |

Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |

| Running on/with | Platform Versions |
|---|---|
| Hikvision Ds 2cd63xx Series | All versions |

Related CWEs
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-260
Password in Configuration File
The product stores a password in a configuration file that might be accessible to actors who do not know the password.