CVE-2023-28808
Last modified
CVE-2023-28808 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.. EPSS estimates a 0.83% chance of exploitation in the next 30 days.
Description
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hikvision | Ds-A71024 Firmware | <= 2.3.8-8 |
| Hikvision | Ds-A71048 Firmware | <= 2.3.8-8 |
| Hikvision | Ds-A71072r Firmware | <= 2.3.8-8 |
| Hikvision | Ds-A80624s Firmware | <= 2.3.8-8 |
| Hikvision | Ds-A81016s Firmware | <= 2.3.8-8 |
| Hikvision | Ds-A72024 Firmware | <= 2.3.8-8 |
| Hikvision | Ds-A72072r Firmware | All versions |
| Hikvision | Ds-A80316s Firmware | <= 2.3.8-8 |
| Hikvision | Ds-A82024d Firmware | <= 2.3.8-8 |
| Hikvision | Ds-A71024 Firmware | <= 1.1.4 |
| Hikvision | Ds-A71048r-Cvs Firmware | <= 1.1.4 |
| Hikvision | Ds-A72072r Firmware | <= 2.3.8-8 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-28808?
How severe is CVE-2023-28808?
How do I fix CVE-2023-28808?
Are you affected by CVE-2023-28808?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST