CVE-2023-28809
published 2023-06-15CVE-2023-28809: Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in…
PriorityP341high7.5CVSS 3.1
AVNACHPRNUIRSUCHIHAH
EPSS
0.64%
45.9th percentile
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hikvision | ds-k1t320xxx | >= V3.5.0_build220706 < V3.5.0_build220706 | V3.5.0_build220706 |
| hikvision | ds-k1t341axx | >= V3.2.30_build221223 < V3.2.30_build221223 | V3.2.30_build221223 |
| hikvision | ds-k1t341c | >= V3.3.8_build230112 < V3.3.8_build230112 | V3.3.8_build230112 |
| hikvision | ds-k1t343xxx | >= V3.14.0_build230117 < V3.14.0_build230117 | V3.14.0_build230117 |
| hikvision | ds-k1t671xxx | >= V3.2.30_build221223 < V3.2.30_build221223 | V3.2.30_build221223 |
| hikvision | ds-k1t804axx | >= V1.4.0_build221212 < V1.4.0_build221212 | V1.4.0_build221212 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Hikvision Access Control and Intercom Products
cisa_ics·2023-10-12·CVSS 7.5
[HIGH] Hikvision Access Control and Intercom Products
ICS Advisory
##
Hikvision Access Control and Intercom Products
Release DateOctober 12, 2023
Alert CodeICSA-23-285-14
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely
- Vendor: Hikvision
- Equipment: Access Control and Intercom Products
- Vulnerabilities: Session Fixation, Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in an attacker hijacking a session and gaining device operation permissions or result in an attacker modifying device network configuration by sending specific data packets to a vulnerable interface within the same local network.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Access Control and Intercom Products are affected:
-
D
GHSA
GHSA-g8rj-9f8j-3x3w: Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully
ghsa_unreviewed·2023-06-15
CVE-2023-28809 [HIGH] CWE-284 GHSA-g8rj-9f8j-3x3w: Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.htmlhttps://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.htmlhttps://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/
2023-06-15
Published