csaf_cisa - icsa-17-124-01

icsa-17-124-01

Vulnerability from csaf_cisa

Published

2017-05-04 00:00

Modified

2017-05-04 00:00

Summary

Hikvision Cameras

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Countries/areas deployed

Worldwide

Company headquarters location

China

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "IPcamtalk user Montecrypto"
        ],
        "summary": "identifying these vulnerabilities"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "China",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-124-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-124-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-124-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-124-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-124-01"
      }
    ],
    "title": "Hikvision Cameras",
    "tracking": {
      "current_release_date": "2017-05-04T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-124-01",
      "initial_release_date": "2017-05-04T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-05-04T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-124-01 Hikvision Cameras"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=  5.3.1 build 150410 | \u003c= 5.4.4  Build 161125",
                "product": {
                  "name": "DS-2CD2xx2FWD Series: V5.3.1 build 150410 to V5.4.4 Build 161125",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "DS-2CD2xx2FWD Series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=  5.2.0 build 140721 | \u003c= 5.4.0  Build 160414",
                "product": {
                  "name": "DS- 2CD4x2xFWD Series: V5.2.0 build 140721 to V5.4.0 Build 160414",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "DS- 2CD4x2xFWD Series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=  5.2.0 build 140721 | \u003c= 5.4.0  Build 160421",
                "product": {
                  "name": "DS-2CD4xx5 Series: V5.2.0 build 140721 to V5.4.0 Build 160421",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "DS-2CD4xx5 Series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 5.2.0 build  140805 | \u003c= 5.4.5  Build 160928",
                "product": {
                  "name": "DS-2DFx Series: V5.2.0 build 140805 to V5.4.5 Build 160928",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "DS-2DFx Series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 5.2.0 build  140721 | \u003c= 5.4.0  Build 160401",
                "product": {
                  "name": "DS-2CD2xx0F-I Series: V5.2.0 build 140721 to V5.4.0 Build 160401",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "DS-2CD2xx0F-I Series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 5.0.9 build  140305 | \u003c= 5.3.5  Build 160106",
                "product": {
                  "name": "DS-2CD63xx Series: V5.0.9 build 140305 to V5.3.5 Build 160106",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "DS-2CD63xx Series"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 5.2.0 build 140721 | \u003c= 5.4.0  build 160530",
                "product": {
                  "name": "DS-2CD2xx2F-I Series: V5.2.0 build 140721 to V5.4.0 build 160530",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "DS-2CD2xx2F-I Series"
          }
        ],
        "category": "vendor",
        "name": "Hikvision"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7921",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.CVE-2017-7921 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7921"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Hikvision has released updates to mitigate the improper authentication vulnerability in cameras sold through authorized distributers. Hikvision has not mitigated the password in configuration file vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "mitigation",
          "details": "However, Hikvision is aware of so-called \u201cgrey market\u201d cameras which are sold via unauthorized channels. These cameras often use unauthorized firmware created by sources outside of Hikvision. In the case of these \u201cgrey market\u201d devices, updating the firmware may result in converting the camera\u0027s interface back to its original state. Users of \u201cgrey market\u201d cameras who cannot update due to this unauthorized firmware will still be susceptible to these vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "mitigation",
          "details": "In the Hikvision Unauthorized Distributors Notice, Hikvision encourages users to use devices sold by authorized distributers rather than so-called \u201cgrey market\u201d devices",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about.aspx?stat=1\u0026c_kind=293\u0026c_kind2=10631"
        },
        {
          "category": "vendor_fix",
          "details": "DS-2CD2xx2F-I Series: V5.4.5 build 170123 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2CD2xx0F-I Series: V5.4.5 Build 170123 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2CD2xx2FWD Series: V5.4.5 Build 170124 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS- 2CD4x2xFWD Series: V5.4.5 Build 170228 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2CD4xx5 Series: V5.4.5 Build 170302 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2DFx Series: V5.4.9 Build 170123 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2CD63xx Series: V5.4.5 Build 170206 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "These updates are available for download ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "More information can be found by visiting Hikvision\u0027s Vulnerability Notice",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10807.html"
        },
        {
          "category": "mitigation",
          "details": "For Chinese-language domestic cameras, Hikvision also provides on-site tours or remote support in addition to the updated firmware listed above.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "mitigation",
          "details": "Hikvision also states that device models and firmware upgrade procedures may differ between regions. These policies will be communicated to users through Hikvision.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-7923",
      "cwe": {
        "id": "CWE-260",
        "name": "Password in Configuration File"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.CVE-2017-7923 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7923"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Hikvision has released updates to mitigate the improper authentication vulnerability in cameras sold through authorized distributers. Hikvision has not mitigated the password in configuration file vulnerability.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "mitigation",
          "details": "However, Hikvision is aware of so-called \u201cgrey market\u201d cameras which are sold via unauthorized channels. These cameras often use unauthorized firmware created by sources outside of Hikvision. In the case of these \u201cgrey market\u201d devices, updating the firmware may result in converting the camera\u0027s interface back to its original state. Users of \u201cgrey market\u201d cameras who cannot update due to this unauthorized firmware will still be susceptible to these vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "mitigation",
          "details": "In the Hikvision Unauthorized Distributors Notice, Hikvision encourages users to use devices sold by authorized distributers rather than so-called \u201cgrey market\u201d devices",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about.aspx?stat=1\u0026c_kind=293\u0026c_kind2=10631"
        },
        {
          "category": "vendor_fix",
          "details": "DS-2CD2xx2F-I Series: V5.4.5 build 170123 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2CD2xx0F-I Series: V5.4.5 Build 170123 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2CD2xx2FWD Series: V5.4.5 Build 170124 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS- 2CD4x2xFWD Series: V5.4.5 Build 170228 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2CD4xx5 Series: V5.4.5 Build 170302 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2DFx Series: V5.4.9 Build 170123 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "DS-2CD63xx Series: V5.4.5 Build 170206 and later",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "These updates are available for download ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        },
        {
          "category": "mitigation",
          "details": "More information can be found by visiting Hikvision\u0027s Vulnerability Notice",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "http://www.hikvision.com/us/about_10807.html"
        },
        {
          "category": "mitigation",
          "details": "For Chinese-language domestic cameras, Hikvision also provides on-site tours or remote support in addition to the updated firmware listed above.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "mitigation",
          "details": "Hikvision also states that device models and firmware upgrade procedures may differ between regions. These policies will be communicated to users through Hikvision.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ]
    }
  ]
}

cve-2017-7921

Vulnerability from cvelistv5

Published

2017-05-06 00:00

Modified

2024-12-27 20:39

Severity ?

Summary

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

References

▼	URL	Tags
	https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01	x_refsource_MISC
	http://www.securityfocus.com/bid/98313	vdb-entry, x_refsource_BID
	https://ghostbin.com/paste/q2vq2	x_refsource_MISC
	http://www.hikvision.com/us/about_10805.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Hikvision Cameras	Version: Hikvision Cameras

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-27T20:39:36.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/"
          },
          {
            "url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20170314/"
          },
          {
            "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--privilege-escalating-vulnerability-in-cer/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01"
          },
          {
            "name": "98313",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98313"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ghostbin.com/paste/q2vq2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hikvision.com/us/about_10805.html"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Hikvision Cameras",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Hikvision Cameras"
            }
          ]
        }
      ],
      "datePublic": "2017-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T03:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01"
        },
        {
          "name": "98313",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98313"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ghostbin.com/paste/q2vq2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hikvision.com/us/about_10805.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-7921",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Hikvision Cameras",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Hikvision Cameras"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01"
            },
            {
              "name": "98313",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98313"
            },
            {
              "name": "https://ghostbin.com/paste/q2vq2",
              "refsource": "MISC",
              "url": "https://ghostbin.com/paste/q2vq2"
            },
            {
              "name": "http://www.hikvision.com/us/about_10805.html",
              "refsource": "MISC",
              "url": "http://www.hikvision.com/us/about_10805.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-7921",
    "datePublished": "2017-05-06T00:00:00",
    "dateReserved": "2017-04-18T00:00:00",
    "dateUpdated": "2024-12-27T20:39:36.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7923

Vulnerability from cvelistv5

Published

2017-05-06 00:00

Modified

2024-12-27 20:58

Severity ?

Summary

A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.

References

▼	URL	Tags
	https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01	x_refsource_MISC
	http://www.securityfocus.com/bid/98313	vdb-entry, x_refsource_BID
	https://ghostbin.com/paste/q2vq2	x_refsource_MISC
	http://www.hikvision.com/us/about_10807.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Hikvision Cameras	Version: Hikvision Cameras

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-27T20:58:21.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/"
          },
          {
            "url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20170314/"
          },
          {
            "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--privilege-escalating-vulnerability-in-cer/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01"
          },
          {
            "name": "98313",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98313"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ghostbin.com/paste/q2vq2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hikvision.com/us/about_10807.html"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Hikvision Cameras",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Hikvision Cameras"
            }
          ]
        }
      ],
      "datePublic": "2017-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-260",
              "description": "CWE-260",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T03:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01"
        },
        {
          "name": "98313",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98313"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ghostbin.com/paste/q2vq2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hikvision.com/us/about_10807.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-7923",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Hikvision Cameras",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Hikvision Cameras"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-260"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01"
            },
            {
              "name": "98313",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98313"
            },
            {
              "name": "https://ghostbin.com/paste/q2vq2",
              "refsource": "MISC",
              "url": "https://ghostbin.com/paste/q2vq2"
            },
            {
              "name": "http://www.hikvision.com/us/about_10807.html",
              "refsource": "MISC",
              "url": "http://www.hikvision.com/us/about_10807.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-7923",
    "datePublished": "2017-05-06T00:00:00",
    "dateReserved": "2017-04-18T00:00:00",
    "dateUpdated": "2024-12-27T20:58:21.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

icsa-17-124-01

Vulnerability from csaf_cisa

cve-2017-7921

Vulnerability from cvelistv5

cve-2017-7923

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature