CVE-2023-6895: Hikvision Intercom Broadcasting System ping.php os command injection
First published: Sun Dec 17 2023(Updated: )
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Hikvision Intercom Broadcast System | >=3.0.3<4.1.0 | |
| Any of | ||
| Hikvision DS-KD-BK | ||
| Hikvision DS-KD-DIS | ||
| Hikvision DS-KD-E | ||
| Hikvision DS-KD-IN | ||
| Hikvision DS-KD-INFO | ||
| Hikvision DS-KD-KK | ||
| Hikvision DS-KD-KK/S | ||
| Hikvision DS-KD-KP | ||
| Hikvision DS-KD-KP/S | ||
| Hikvision DS-KD-M | ||
| Hikvision DS-KD3003-E6 | ||
| Hikvision DS-KD8003IME1(B) | ||
| Hikvision DS-KD8003IME1(B) | ||
| Hikvision DS-KD8003IME1(B)/NS | ||
| Hikvision DS-KD8003IME1(B)/S | ||
| Hikvision DS-KD8003IME1(B)/SURFACE | ||
| Hikvision DS-KH6220-LE1 Firmware | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6350-WTE1 Firmware | ||
| Hikvision DS-KH6351-TE1 Firmware | ||
| Hikvision DS-KH6351-TE1 | ||
| Hikvision DS-KH63LE1(B) | ||
| Hikvision DS-KH8520-WTE1 | ||
| Hikvision DS-KH9310-WTE1(B) | ||
| Hikvision DS-KH9510-WTE1(B) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6895?
CVE-2023-6895 has been declared as critical.
What impact does CVE-2023-6895 have on the Hikvision Intercom Broadcasting System?
CVE-2023-6895 allows for OS command injection through the manipulation of the jsondata[ip] argument.
How do I fix CVE-2023-6895?
To fix CVE-2023-6895, update the Hikvision Intercom Broadcasting System to version 4.1.0 or higher.
Which versions of Hikvision Intercom Broadcasting System are affected by CVE-2023-6895?
Versions from 3.0.3 up to but not including 4.1.0 are affected by CVE-2023-6895.
Is there a proof of concept for CVE-2023-6895?
Yes, there is a proof of concept that demonstrates the exploitation of CVE-2023-6895.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/description
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/hikvision
- canonical/hikvision intercom broadcast system
- version/hikvision intercom broadcast system/3.0.3
- canonical/hikvision ds-kd-bk
- canonical/hikvision ds-kd-dis
- canonical/hikvision ds-kd-e
- canonical/hikvision ds-kd-in
- canonical/hikvision ds-kd-info
- canonical/hikvision ds-kd-kk
- canonical/hikvision ds-kd-kk/s
- canonical/hikvision ds-kd-kp
- canonical/hikvision ds-kd-kp/s
- canonical/hikvision ds-kd-m
- canonical/hikvision ds-kd3003-e6
- canonical/hikvision ds-kd8003ime1(b)
- canonical/hikvision ds-kd8003ime1(b)/ns
- canonical/hikvision ds-kd8003ime1(b)/s
- canonical/hikvision ds-kd8003ime1(b)/surface
- canonical/hikvision ds-kh6220-le1 firmware
- canonical/hikvision ds-kh6320
- canonical/hikvision ds-kh6350-wte1 firmware
- canonical/hikvision ds-kh6351-te1 firmware
- canonical/hikvision ds-kh6351-te1
- canonical/hikvision ds-kh63le1(b)
- canonical/hikvision ds-kh8520-wte1
- canonical/hikvision ds-kh9310-wte1(b)
- canonical/hikvision ds-kh9510-wte1(b)