9.8
CVE-2023-28808
- EPSS 0.61%
- Published 11.04.2023 21:15:29
- Last modified 21.11.2024 07:56:03
- Source hsrc@hikvision.com
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
Data provided by the National Vulnerability Database (NVD)
Hikvision ≫ Ds-a71024 Firmware Version <= 2.3.8-8
Hikvision ≫ Ds-a71048 Firmware Version <= 2.3.8-8
Hikvision ≫ Ds-a71072r Firmware Version <= 2.3.8-8
Hikvision ≫ Ds-a80624s Firmware Version <= 2.3.8-8
Hikvision ≫ Ds-a81016s Firmware Version <= 2.3.8-8
Hikvision ≫ Ds-a72024 Firmware Version <= 2.3.8-8
Hikvision ≫ Ds-a72072r Firmware Version-
Hikvision ≫ Ds-a80316s Firmware Version <= 2.3.8-8
Hikvision ≫ Ds-a82024d Firmware Version <= 2.3.8-8
Hikvision ≫ Ds-a71024 Firmware Version <= 1.1.4
Hikvision ≫ Ds-a71048r-cvs Firmware Version <= 1.1.4
Hikvision ≫ Ds-a72072r Firmware Version <= 2.3.8-8
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.695 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| hsrc@hikvision.com | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.