CVE-2023-28808
First published: Tue Apr 11 2023(Updated: )
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
Credit: hsrc@hikvision.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hikvision DS-A71024 | <=2.3.8-8 | |
| Hikvision DS-A71024 Firmware | ||
| Hikvision DS-A71048 Firmware | <=2.3.8-8 | |
| Hikvision DS-A71048 | ||
| Hikvision DS-A71072R Firmware | <=2.3.8-8 | |
| Hikvision DS-A71072R Firmware | ||
| Hikvision DS-A80624S Firmware | <=2.3.8-8 | |
| Hikvision DS-A80624S Firmware | ||
| Hikvision DS-A81016S | <=2.3.8-8 | |
| Hikvision DS-A81016S Firmware | ||
| Hikvision DS-A72024 | <=2.3.8-8 | |
| Hikvision DS-A72024 Firmware | ||
| Hikvision DS-A72072R | ||
| Hikvision DS-A72072R Firmware | ||
| Hikvision DS-A80316S | <=2.3.8-8 | |
| Hikvision DS-A80316S | ||
| Hikvision DS-A82024D | <=2.3.8-8 | |
| Hikvision DS-A82024D Firmware | ||
| Hikvision DS-A71024 | <=1.1.4 | |
| Hikvision DS-A71048R-CVS | <=1.1.4 | |
| Hikvision DS-A71048R-CVS Firmware | ||
| Hikvision DS-A72072R | <=2.3.8-8 |
Remedy
https://www.hikvision.com/content/dam/hikvision/en/support/notice/security-notification-23-4-10/Fixing-Security-Vulnerability-of-Hybrid-SAN-230407.zip
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28808?
CVE-2023-28808 is a vulnerability in some Hikvision Hybrid SAN/Cluster Storage products that allows an attacker to obtain admin permissions.
How can the vulnerability in Hikvision Hybrid SAN/Cluster Storage products be exploited?
The vulnerability can be exploited by sending crafted messages to the affected devices.
What is the severity of CVE-2023-28808?
The severity of CVE-2023-28808 is critical, with a CVSS score of 9.8.
Which Hikvision Hybrid SAN/Cluster Storage products are affected by CVE-2023-28808?
Some Hikvision Hybrid SAN/Cluster Storage products with the following firmware versions are affected: DS-a71024, DS-a71048, DS-a71072r, DS-a80624s, DS-a81016s, DS-a72024, DS-a72072r, DS-a80316s, DS-a82024d.
How can I fix CVE-2023-28808?
To fix CVE-2023-28808, update the firmware of the affected Hikvision Hybrid SAN/Cluster Storage products to version 2.3.8-8 or later.
- agent/type
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hikvision
- canonical/hikvision ds-a71024
- version/hikvision ds-a71024/2.3.8-8
- canonical/hikvision ds-a71024 firmware
- canonical/hikvision ds-a71048 firmware
- version/hikvision ds-a71048 firmware/2.3.8-8
- canonical/hikvision ds-a71048
- canonical/hikvision ds-a71072r firmware
- version/hikvision ds-a71072r firmware/2.3.8-8
- canonical/hikvision ds-a80624s firmware
- version/hikvision ds-a80624s firmware/2.3.8-8
- canonical/hikvision ds-a81016s
- version/hikvision ds-a81016s/2.3.8-8
- canonical/hikvision ds-a81016s firmware
- canonical/hikvision ds-a72024
- version/hikvision ds-a72024/2.3.8-8
- canonical/hikvision ds-a72024 firmware
- canonical/hikvision ds-a72072r
- canonical/hikvision ds-a72072r firmware
- canonical/hikvision ds-a80316s
- version/hikvision ds-a80316s/2.3.8-8
- canonical/hikvision ds-a82024d
- version/hikvision ds-a82024d/2.3.8-8
- canonical/hikvision ds-a82024d firmware
- version/hikvision ds-a71024/1.1.4
- canonical/hikvision ds-a71048r-cvs
- version/hikvision ds-a71048r-cvs/1.1.4
- canonical/hikvision ds-a71048r-cvs firmware
- version/hikvision ds-a72072r/2.3.8-8