CVE-2023-28809
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 15/06/2023
Last modified: 05/09/2023
Description
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, an attacker has to request the session ID at the same time as a valid user logs in, and can then gain device operation permissions by forging the IP address and session ID of the authenticated user.
Impact
Base Score 3.x: 7.50
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:hikvision:ds-k1t320efwx_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hikvision:ds-k1t320efwx:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:hikvision:ds-k1t320efx_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hikvision:ds-k1t320efx:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:hikvision:ds-k1t320ewx_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hikvision:ds-k1t320ewx:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:hikvision:ds-k1t320ex_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hikvision:ds-k1t320ex:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:hikvision:ds-k1t320mfwx_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hikvision:ds-k1t320mfwx:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:hikvision:ds-k1t320mfx_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hikvision:ds-k1t320mfx:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:hikvision:ds-k1t320mwx_firmware:-:*:*:*:*:*:*:* | | |
| cpe:2.3:h:hikvision:ds-k1t320mwx:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:hikvision:ds-k1t320mx_firmware:-:*:*:*:*:*:*:* | | |

To consult the complete list of CPE names with products and versions, see this page



