Vulnerability Details CVE-2023-28809
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.8%
CVSS Severity
CVSS v3 Score 7.5
References
- http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/
- http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/
Products affected by CVE-2023-28809
-
cpe:2.3:h:hikvision:ds-k1t320efwx:-
-
cpe:2.3:h:hikvision:ds-k1t320efx:-
-
cpe:2.3:h:hikvision:ds-k1t320ewx:-
-
cpe:2.3:h:hikvision:ds-k1t320ex:-
-
cpe:2.3:h:hikvision:ds-k1t320mfwx:-
-
cpe:2.3:h:hikvision:ds-k1t320mfx:-
-
cpe:2.3:h:hikvision:ds-k1t320mwx:-
-
cpe:2.3:h:hikvision:ds-k1t320mx:-
-
cpe:2.3:h:hikvision:ds-k1t341am:-
-
cpe:2.3:h:hikvision:ds-k1t341amf:-
-
cpe:2.3:h:hikvision:ds-k1t341cm:-
-
cpe:2.3:h:hikvision:ds-k1t343ewx:-
-
cpe:2.3:h:hikvision:ds-k1t343ex:-
-
cpe:2.3:h:hikvision:ds-k1t343mwx:-
-
cpe:2.3:h:hikvision:ds-k1t343mx:-
-
cpe:2.3:h:hikvision:ds-k1t671:-
-
cpe:2.3:h:hikvision:ds-k1t671m:-
-
cpe:2.3:h:hikvision:ds-k1t671mf:-
-
cpe:2.3:h:hikvision:ds-k1t671t:-
-
cpe:2.3:h:hikvision:ds-k1t671tm-3xf:-
-
cpe:2.3:h:hikvision:ds-k1t671tm:-
-
cpe:2.3:h:hikvision:ds-k1t671tmf:-
-
cpe:2.3:h:hikvision:ds-k1t671tmfw:-
-
cpe:2.3:h:hikvision:ds-k1t671tmw:-
-
cpe:2.3:h:hikvision:ds-k1t804af:-
-
cpe:2.3:h:hikvision:ds-k1t804amf:-
-
cpe:2.3:o:hikvision:ds-k1t320efwx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t320efx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t320ewx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t320ex_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t320mfwx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t320mfx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t320mwx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t320mx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t341am_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t341amf_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t341cm_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t343ewx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t343ex_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t343mwx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t343mx_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671m_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671mf_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671t_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671tm-3xf_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671tm_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671tmf_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671tmfw_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t671tmw_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t804af_firmware:-
-
cpe:2.3:o:hikvision:ds-k1t804amf_firmware:-