#VU81990 Session Fixation in Hikvision products - CVE-2023-28809


Vulnerability identifier: #VU81990

Vulnerability risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-28809

CWE-ID: CWE-384

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DS-K1T804AEF
Hardware solutions / Security hardware applicances
DS-K1T804AF
Hardware solutions / Security hardware applicances
DS-K1T804AMF
Hardware solutions / Security hardware applicances
DS-K1T341AM
Hardware solutions / Security hardware applicances
DS-K1T341AMF
Hardware solutions / Security hardware applicances
DS-K1T671M
Hardware solutions / Security hardware applicances
DS-K1T671MF
Hardware solutions / Security hardware applicances
DS-K1T671TM-3XF
Hardware solutions / Security hardware applicances
DS-K1T671TMFW
Hardware solutions / Security hardware applicances
DS-K1T671TMW
Hardware solutions / Security hardware applicances
DS-K1T343EFWX
Hardware solutions / Security hardware applicances
DS-K1T343EFX
Hardware solutions / Security hardware applicances
DS-K1T343EWX
Hardware solutions / Security hardware applicances
DS-K1T343EX
Hardware solutions / Security hardware applicances
DS-K1T343MFWX
Hardware solutions / Security hardware applicances
DS-K1T343MFX
Hardware solutions / Security hardware applicances
DS-K1T343MWX
Hardware solutions / Security hardware applicances
DS-K1T343MX
Hardware solutions / Security hardware applicances
DS-K1T341C
Hardware solutions / Security hardware applicances
DS-K1T320EFWX
Hardware solutions / Security hardware applicances
DS-K1T320EFX
Hardware solutions / Security hardware applicances
DS-K1T320EWX
Hardware solutions / Security hardware applicances
DS-K1T320EX
Hardware solutions / Security hardware applicances
DS-K1T320MFWX
Hardware solutions / Security hardware applicances
DS-K1T320MFX
Hardware solutions / Security hardware applicances
DS-K1T320MWX
Hardware solutions / Security hardware applicances
DS-K1T320MX
Hardware solutions / Security hardware applicances

Vendor: Hikvision

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected device does not update the session ID after a user successfully logs in. A remote attacker can forge the IP and session ID of an authenticated user and gain device operation permissions.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DS-K1T804AEF: 1.4.0 221212

DS-K1T804AF: 1.4.0 221212

DS-K1T804AMF: 1.4.0 221212

DS-K1T341AM: 3.2.30 221223

DS-K1T341AMF: 3.2.30 221223

DS-K1T671M: 3.2.30 221223

DS-K1T671MF: 3.2.30 221223

DS-K1T671TM-3XF: 3.2.30 221223

DS-K1T671TMFW: 3.2.30 221223

DS-K1T671TMW: 3.2.30 221223

DS-K1T343EFWX: 3.14.0 230117

DS-K1T343EFX: 3.14.0 230117

DS-K1T343EWX: 3.14.0 230117

DS-K1T343EX: 3.14.0 230117

DS-K1T343MFWX: 3.14.0 230117

DS-K1T343MFX: 3.14.0 230117

DS-K1T343MWX: 3.14.0 230117

DS-K1T343MX: 3.14.0 230117

DS-K1T341C: 3.3.8 230112

DS-K1T320EFWX: 3.5.0 220706

DS-K1T320EFX: 3.5.0 220706

DS-K1T320EWX: 3.5.0 220706

DS-K1T320EX: 3.5.0 220706

DS-K1T320MFWX: 3.5.0 220706

DS-K1T320MFX: 3.5.0 220706

DS-K1T320MWX: 3.5.0 220706

DS-K1T320MX: 3.5.0 220706

External links
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/
https://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-14

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Hikvision Access Control and Intercom Products