CVE-2017-7923

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

06/05/2017

Last modified:

20/04/2025

Description

A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.

Impact

Vector 3.x

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 8.80 HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

8.80

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:L/Au:S/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 4.00 MEDIUM
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None

Base Score 2.0

4.00

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:hikvision:ds-2cd2032-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2112-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2132-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2212-i5_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2232-i5_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2312-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2332-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2412f-i\(w\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2432f-i\(w\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2512f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2532f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2612f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2632f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2712f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2732f-i\(s\)_firmware:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:hikvision:ds-2cd2032-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2112-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2132-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2212-i5_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2232-i5_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2312-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2332-i_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2412f-i\(w\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2432f-i\(w\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2512f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2532f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2612f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2632f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2712f-i\(s\)_firmware:-:::::::*
cpe:2.3:o:hikvision:ds-2cd2732f-i\(s\)_firmware:-:::::::*

CVE-2017-7923

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools