CVE-2023-28809

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-28809
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/ Vendor Advisory
http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t320efwx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320efwx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t320efx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320efx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t320ewx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320ewx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t320ex_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320ex:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t320mfwx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320mfwx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t320mfx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320mfx:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t320mwx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320mwx:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t320mx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320mx:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t341am_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t341am:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t341amf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t341amf:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t341cm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t341cm:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t343ewx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t343ewx:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t343ex_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t343ex:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t343mwx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t343mwx:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t343mx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t343mx:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671m:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671mf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671mf:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671t_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671t:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671tm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tm:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671tm-3xf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tm-3xf:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671tmf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tmf:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671tmfw_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tmfw:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t671tmw_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tmw:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t804af_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t804af:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:hikvision:ds-k1t804amf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t804amf:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:56

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html - () http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html -
References () https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/ - Vendor Advisory () https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/ - Vendor Advisory

05 Sep 2023, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html -

30 Jun 2023, 00:08

Type Values Removed Values Added
First Time Hikvision ds-k1t320efx Firmware
Hikvision ds-k1t671tmfw
Hikvision ds-k1t343mwx
Hikvision ds-k1t320ewx Firmware
Hikvision ds-k1t320mwx
Hikvision ds-k1t341cm
Hikvision ds-k1t671tmf
Hikvision ds-k1t671tm-3xf Firmware
Hikvision ds-k1t343mx Firmware
Hikvision ds-k1t671tmf Firmware
Hikvision ds-k1t320ex
Hikvision ds-k1t320mx
Hikvision ds-k1t320efwx
Hikvision ds-k1t343ex
Hikvision ds-k1t341am
Hikvision ds-k1t341amf Firmware
Hikvision ds-k1t671tmw
Hikvision ds-k1t671m Firmware
Hikvision ds-k1t320mfwx
Hikvision ds-k1t671mf Firmware
Hikvision ds-k1t320mfx Firmware
Hikvision ds-k1t671t Firmware
Hikvision ds-k1t343ewx
Hikvision ds-k1t320efx
Hikvision ds-k1t341cm Firmware
Hikvision ds-k1t671tm
Hikvision ds-k1t671tmw Firmware
Hikvision ds-k1t320mfwx Firmware
Hikvision ds-k1t343ex Firmware
Hikvision ds-k1t804af
Hikvision
Hikvision ds-k1t804amf
Hikvision ds-k1t671t
Hikvision ds-k1t320mfx
Hikvision ds-k1t671 Firmware
Hikvision ds-k1t671tm-3xf
Hikvision ds-k1t671
Hikvision ds-k1t804amf Firmware
Hikvision ds-k1t320mwx Firmware
Hikvision ds-k1t341amf
Hikvision ds-k1t671tm Firmware
Hikvision ds-k1t320efwx Firmware
Hikvision ds-k1t320mx Firmware
Hikvision ds-k1t671mf
Hikvision ds-k1t343mwx Firmware
Hikvision ds-k1t804af Firmware
Hikvision ds-k1t320ex Firmware
Hikvision ds-k1t343mx
Hikvision ds-k1t671m
Hikvision ds-k1t343ewx Firmware
Hikvision ds-k1t320ewx
Hikvision ds-k1t671tmfw Firmware
Hikvision ds-k1t341am Firmware
CPE cpe:2.3:h:hikvision:ds-k1t341cm:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671tmw_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671tmf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t320efwx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t341am:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t343ex:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t341cm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tmf:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671mf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320mfx:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320efx:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671tm_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t804af_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t320mx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tmfw:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t320ex_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320mwx:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t341amf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320mx:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671t_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t804amf:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tm-3xf:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t341am_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t320mfx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671t:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t804amf_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t320efx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t343mwx:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t343mx:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t343ewx:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320efwx:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tm:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671m:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671tmw:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t320mwx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t341amf:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t320ewx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320ex:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t343mx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320ewx:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t343ewx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t343ex_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t343mwx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t320mfwx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t671mf:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671tmfw_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t320mfwx:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-k1t804af:-:*:*:*:*:*:*:*
cpe:2.3:o:hikvision:ds-k1t671tm-3xf_firmware:-:*:*:*:*:*:*:*
References (MISC) https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/ - (MISC) https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-384

15 Jun 2023, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-15 19:15

Updated : 2024-11-21 07:56

NVD link : CVE-2023-28809

Mitre link : CVE-2023-28809

CVE.ORG link : CVE-2023-28809

JSON object : View

Products Affected

hikvision

  • ds-k1t320ewx
  • ds-k1t320ex_firmware
  • ds-k1t320ex
  • ds-k1t671tmf_firmware
  • ds-k1t343mwx
  • ds-k1t341cm
  • ds-k1t671mf_firmware
  • ds-k1t671tmfw
  • ds-k1t343ewx
  • ds-k1t804amf_firmware
  • ds-k1t320ewx_firmware
  • ds-k1t671mf
  • ds-k1t343mx_firmware
  • ds-k1t671tm-3xf
  • ds-k1t343mwx_firmware
  • ds-k1t671tmw_firmware
  • ds-k1t671tmfw_firmware
  • ds-k1t341amf_firmware
  • ds-k1t320mwx_firmware
  • ds-k1t320mfwx
  • ds-k1t320mx
  • ds-k1t671tmf
  • ds-k1t341amf
  • ds-k1t343mx
  • ds-k1t320mwx
  • ds-k1t320efwx
  • ds-k1t341cm_firmware
  • ds-k1t320efx_firmware
  • ds-k1t343ex_firmware
  • ds-k1t671tmw
  • ds-k1t320efwx_firmware
  • ds-k1t804af
  • ds-k1t320mfx
  • ds-k1t671_firmware
  • ds-k1t343ewx_firmware
  • ds-k1t341am
  • ds-k1t320efx
  • ds-k1t671t
  • ds-k1t320mfwx_firmware
  • ds-k1t320mfx_firmware
  • ds-k1t320mx_firmware
  • ds-k1t671tm_firmware
  • ds-k1t671m_firmware
  • ds-k1t671
  • ds-k1t671tm
  • ds-k1t804af_firmware
  • ds-k1t671m
  • ds-k1t341am_firmware
  • ds-k1t804amf
  • ds-k1t671tm-3xf_firmware
  • ds-k1t343ex
  • ds-k1t671t_firmware
CWE
CWE-284

Improper Access Control

CWE-384

Session Fixation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024