CVE-2023-28808 - Access Control Vulnerability in Hikvision Hybrid SAN/Cluster Storage Devices

In this post, we will discuss CVE-2023-28808, an access control vulnerability affecting some Hikvision Hybrid SAN/Cluster Storage devices, allowing unauthorized access to admin privileges. We will dive into the details of the exploit, including affected versions, code snippet examples, and original references.

Overview of CVE-2023-28808

Hikvision Hybrid SAN/Cluster Storage devices are widely used for managing storage and network resources in various industries, including security and surveillance. These products have been found to have an access control vulnerability, allowing attackers to potentially gain admin permissions by sending specially crafted messages to the affected devices.

Affected Products

Hikvision Hybrid SAN/Cluster Storage devices running firmware versions prior to V4.x.x.x. Users running the latest firmware are not affected.

Exploit Details

The access control vulnerability is caused by the misconfiguration of device permissions, allowing attackers to send crafted messages, thereby gaining access to admin permissions. This could potentially enable unauthorized access to sensitive information, control over the device, and the ability to execute further attacks.

For demonstration purposes only, an example of a simple crafted message for exploiting the vulnerability might look like:

POST /cgi-bin/storageDeviceMgmt.cgi HTTP/1.1
Host: <target device>
Content-Length: XX
Cookie: auth="<crafted auth>"

Once the crafted message is sent to the device, an attacker could potentially gain admin permissions, opening up the possibilities for further malicious activities, such as controlling the targeted device.

Mitigation and Resolution

The issue has been reported to Hikvision, and they have released a firmware update to address the access control vulnerability. The firmware version V4.x.x.x has fixed the issue, and it is highly recommended that users update their devices immediately.

Please follow the Hikvision firmware update instructions available on their official website.

Original References

- CVE: CVE-2023-28808
- Hikvision security bulletin: Access Control Vulnerability Announcement
- NIST NVD: NVD - CVE-2023-28808

Conclusion

In conclusion, CVE-2023-28808 represents a significant access control vulnerability in some Hikvision Hybrid SAN/Cluster Storage devices. With this exploit, attackers can potentially gain admin permissions and compromise sensitive data, control devices, and launch further attacks. Users are highly recommended to keep their devices up-to-date and follow best security practices to mitigate risks.

Additionally, it is crucial to stay informed on the latest firmware updates and security announcements from manufacturers, such as Hikvision, in order to stay protected against potential threats. Following news and updates from industry sources will help ensure that devices are secure and vulnerabilities are addressed promptly.

Timeline

Published on: 04/11/2023 21:15:00 UTC
Last modified on: 04/24/2023 13:50:00 UTC