CVE-2023-28809

Published: Jun 15, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.

Affected (26)

Hikvision

26 products

Ds K1t320efwx Firmware

Ds K1t320efx Firmware

Ds K1t320ewx Firmware

Ds K1t320ex Firmware

Ds K1t320mfwx Firmware

Ds K1t320mfx Firmware

Ds K1t320mwx Firmware

Ds K1t320mx Firmware

Ds K1t341am Firmware

Ds K1t341amf Firmware

Ds K1t341cm Firmware

Ds K1t343ewx Firmware

Ds K1t343ex Firmware

Ds K1t343mwx Firmware

Ds K1t671tm 3xf Firmware

Ds K1t671tmf Firmware

Ds K1t671tmfw Firmware

Ds K1t671tmw Firmware

Ds K1t804af Firmware

Ds K1t804amf Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t320efwx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t320efwx	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t320efx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t320efx	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t320ewx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t320ewx	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t320ex Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t320ex	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t320mfwx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t320mfwx	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t320mfx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t320mfx	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t320mwx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t320mwx	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t320mx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t320mx	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t341am Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t341am	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t341amf Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t341amf	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t341cm Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t341cm	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t343ewx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t343ewx	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t343ex Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t343ex	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t343mwx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t343mwx	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t343mx Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t343mx	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671 Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671m Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671m	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671mf Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671mf	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671t Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671t	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671tm Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671tm	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671tm 3xf Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671tm 3xf	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671tmf Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671tmf	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671tmfw Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671tmfw	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t671tmw Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t671tmw	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t804af Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t804af	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds K1t804amf Firmware	All versions

Running on/with	Platform Versions
Hikvision Ds K1t804amf	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-384

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (4)

http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html

Source: hsrc@hikvision.com

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/

Source: hsrc@hikvision.com

Vendor Advisory

http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.