CVE-2023-28809
Hikvision Access Control Session Hijacking
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
Remote attackers can steal valid authentication session identifiers of Hikvision Access Control/Intercom Products. This is possible because a remote attacker can create a session identifier without restrictions. If an attacker requests a session ID at the same time as a valid user, the attacker receives the identical session ID. This session ID is immediately recognized as valid after successful authentication of the correct user.
*Credits:
Andres Hinnosaar
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-23 CVE Reserved
- 2023-06-15 CVE Published
- 2024-12-18 CVE Updated
- 2025-01-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-384: Session Fixation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hikvision Search vendor "Hikvision" | Ds-k1t320efwx Firmware Search vendor "Hikvision" for product "Ds-k1t320efwx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t320efwx Search vendor "Hikvision" for product "Ds-k1t320efwx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t320efx Firmware Search vendor "Hikvision" for product "Ds-k1t320efx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t320efx Search vendor "Hikvision" for product "Ds-k1t320efx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t320ewx Firmware Search vendor "Hikvision" for product "Ds-k1t320ewx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t320ewx Search vendor "Hikvision" for product "Ds-k1t320ewx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t320ex Firmware Search vendor "Hikvision" for product "Ds-k1t320ex Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t320ex Search vendor "Hikvision" for product "Ds-k1t320ex" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t320mfwx Firmware Search vendor "Hikvision" for product "Ds-k1t320mfwx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t320mfwx Search vendor "Hikvision" for product "Ds-k1t320mfwx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t320mfx Firmware Search vendor "Hikvision" for product "Ds-k1t320mfx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t320mfx Search vendor "Hikvision" for product "Ds-k1t320mfx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t320mwx Firmware Search vendor "Hikvision" for product "Ds-k1t320mwx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t320mwx Search vendor "Hikvision" for product "Ds-k1t320mwx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t320mx Firmware Search vendor "Hikvision" for product "Ds-k1t320mx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t320mx Search vendor "Hikvision" for product "Ds-k1t320mx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t341am Firmware Search vendor "Hikvision" for product "Ds-k1t341am Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t341am Search vendor "Hikvision" for product "Ds-k1t341am" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t341amf Firmware Search vendor "Hikvision" for product "Ds-k1t341amf Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t341amf Search vendor "Hikvision" for product "Ds-k1t341amf" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t341cm Firmware Search vendor "Hikvision" for product "Ds-k1t341cm Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t341cm Search vendor "Hikvision" for product "Ds-k1t341cm" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t343ewx Firmware Search vendor "Hikvision" for product "Ds-k1t343ewx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t343ewx Search vendor "Hikvision" for product "Ds-k1t343ewx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t343ex Firmware Search vendor "Hikvision" for product "Ds-k1t343ex Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t343ex Search vendor "Hikvision" for product "Ds-k1t343ex" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t343mwx Firmware Search vendor "Hikvision" for product "Ds-k1t343mwx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t343mwx Search vendor "Hikvision" for product "Ds-k1t343mwx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t343mx Firmware Search vendor "Hikvision" for product "Ds-k1t343mx Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t343mx Search vendor "Hikvision" for product "Ds-k1t343mx" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671 Firmware Search vendor "Hikvision" for product "Ds-k1t671 Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671 Search vendor "Hikvision" for product "Ds-k1t671" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671m Firmware Search vendor "Hikvision" for product "Ds-k1t671m Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671m Search vendor "Hikvision" for product "Ds-k1t671m" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671mf Firmware Search vendor "Hikvision" for product "Ds-k1t671mf Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671mf Search vendor "Hikvision" for product "Ds-k1t671mf" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671t Firmware Search vendor "Hikvision" for product "Ds-k1t671t Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671t Search vendor "Hikvision" for product "Ds-k1t671t" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671tm Firmware Search vendor "Hikvision" for product "Ds-k1t671tm Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671tm Search vendor "Hikvision" for product "Ds-k1t671tm" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671tm-3xf Firmware Search vendor "Hikvision" for product "Ds-k1t671tm-3xf Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671tm-3xf Search vendor "Hikvision" for product "Ds-k1t671tm-3xf" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671tmf Firmware Search vendor "Hikvision" for product "Ds-k1t671tmf Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671tmf Search vendor "Hikvision" for product "Ds-k1t671tmf" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671tmfw Firmware Search vendor "Hikvision" for product "Ds-k1t671tmfw Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671tmfw Search vendor "Hikvision" for product "Ds-k1t671tmfw" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t671tmw Firmware Search vendor "Hikvision" for product "Ds-k1t671tmw Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t671tmw Search vendor "Hikvision" for product "Ds-k1t671tmw" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t804af Firmware Search vendor "Hikvision" for product "Ds-k1t804af Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t804af Search vendor "Hikvision" for product "Ds-k1t804af" | - | - |
Safe
|
| Hikvision Search vendor "Hikvision" | Ds-k1t804amf Firmware Search vendor "Hikvision" for product "Ds-k1t804amf Firmware" | - | - |
Affected
| in | Hikvision Search vendor "Hikvision" | Ds-k1t804amf Search vendor "Hikvision" for product "Ds-k1t804amf" | - | - |
Safe
|