CVE-2023-28809 - Vulnerability Details

Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00133.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Hikvision	Ds-k1t320efwx Ds-k1t320efwx Firmware Ds-k1t320efx Ds-k1t320efx Firmware Ds-k1t320ewx Ds-k1t320ewx Firmware Ds-k1t320ex Ds-k1t320ex Firmware Ds-k1t320mfwx Ds-k1t320mfwx Firmware Ds-k1t320mfx Ds-k1t320mfx Firmware Ds-k1t320mwx Ds-k1t320mwx Firmware Ds-k1t320mx Ds-k1t320mx Firmware Ds-k1t341am Ds-k1t341am Firmware Ds-k1t341amf Ds-k1t341amf Firmware Ds-k1t341cm Ds-k1t341cm Firmware Ds-k1t343ewx Ds-k1t343ewx Firmware Ds-k1t343ex Ds-k1t343ex Firmware Ds-k1t343mwx Ds-k1t343mwx Firmware Ds-k1t343mx Ds-k1t343mx Firmware Ds-k1t671 Ds-k1t671 Firmware Ds-k1t671m Ds-k1t671m Firmware Ds-k1t671mf Ds-k1t671mf Firmware Ds-k1t671t Ds-k1t671t Firmware Ds-k1t671tm Ds-k1t671tm-3xf Ds-k1t671tm-3xf Firmware Ds-k1t671tm Firmware Ds-k1t671tmf Ds-k1t671tmf Firmware Ds-k1t671tmfw Ds-k1t671tmfw Firmware Ds-k1t671tmw Ds-k1t671tmw Firmware Ds-k1t804af Ds-k1t804af Firmware Ds-k1t804amf Ds-k1t804amf Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hikvision:ds-k1t320efwx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t320efwx:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hikvision:ds-k1t320efx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t320efx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hikvision:ds-k1t320ewx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t320ewx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hikvision:ds-k1t320ex_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t320ex:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hikvision:ds-k1t320mfwx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t320mfwx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:hikvision:ds-k1t320mfx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t320mfx:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hikvision:ds-k1t320mwx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t320mwx:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hikvision:ds-k1t320mx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t320mx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hikvision:ds-k1t341am_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t341am:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hikvision:ds-k1t341amf_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t341amf:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hikvision:ds-k1t341cm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t341cm:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hikvision:ds-k1t343ewx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t343ewx:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hikvision:ds-k1t343ex_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t343ex:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hikvision:ds-k1t343mwx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t343mwx:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:hikvision:ds-k1t343mx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t343mx:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671m:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671mf_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671mf:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671t:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671tm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671tm:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671tm-3xf_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671tm-3xf:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671tmf_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671tmf:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671tmfw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671tmfw:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:hikvision:ds-k1t671tmw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t671tmw:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:hikvision:ds-k1t804af_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t804af:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:hikvision:ds-k1t804amf_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-k1t804amf:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-32444	Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.

Fixes

Solution

https://www.hikvision.com/en/support/download/firmware/

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/

History

Wed, 18 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hikvision

Published: 2023-06-15T00:00:00

Updated: 2024-12-18T16:24:05.385Z

Reserved: 2023-03-23T00:00:00

Link: CVE-2023-28809

Vulnrichment

Updated: 2024-08-02T13:51:38.488Z

NVD

Status : Modified

Published: 2023-06-15T19:15:10.537

Modified: 2024-11-21T07:56:03.600

Link: CVE-2023-28809

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object