Sign-up

ID

VAR-202206-1989


CVE

CVE-2022-28171


TITLE

plural  Hangzhou Hikvision Digital Technology  Command injection vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-012516

DESCRIPTION

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. ds-a71024 firmware, ds-a71048 firmware, ds-a71072r firmware etc. Hangzhou Hikvision Digital Technology The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Detailed Information ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Product Name: Hikvision Vendor Home Page: https://www.hikvision.com Fixed Version: fixed versions were released by Hikvision Vulnerability Type: CWE-78,89 and 94 CVE Numbers: CVE-2022-28171-CVE-2022-28172 Author of Advisory: Thurein Soe ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vendor Description: Hikvision is a world-leading surveillance manufacturer and supplier of video surveillance and Internet of Things (IoT) equipment for civilian and military purposes. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vulnerability description: Some Hikvision Hybrid SAN Products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including Reflected XSS, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands etc. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vulnerable Versions: Ds-a71024 Firmware Ds-a71024 Firmware Ds-a71048r-cvs Firmware Ds-a71048 Firmware Ds-a71072r Firmware Ds-a71072r Firmware Ds-a72024 Firmware Ds-a72024 Firmware Ds-a72048r-cvs Firmware Ds-a72072r Firmware Ds-a80316s Firmware Ds-a80624s Firmware Ds-a81016s Firmware Ds-a82024d Firmware Ds-a71048r-cvs Ds-a71024 Ds-a71048 Ds-a71072r Ds-a80624s Ds-a82024d Ds-a80316s Ds-a81016s ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Credits: Thurein Soe ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ References: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/ https://cve.report/CVE-2022-28171 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Timeline: 11 March 2022: Found security vulnerabilities in a few Hikvision Hybrid SAN Products 23 March 2022: Reported the finding to Hikvision Security Response Center (HSRC) team 24 March 2022: Hikvision Security Response Center (HSRC) team requested further details of reproduction steps and remediation 25 March 2022: Further details of reproduction and remediation steps sent to the Hikvision Security Response Center (HSRC) team 26 March 2022: Hikvision Security Response Center (HSRC) team agreed to issue only two CVEs due to multiple vulnerabilities in a single parameter 22 June 2022: Hikvision Release the Initial fixed Version for the affected products in June 2022. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2022-28171 // JVNDB: JVNDB-2022-012516 // VULMON: CVE-2022-28171 // PACKETSTORM: 170818

AFFECTED PRODUCTS

vendor:hikvisionmodel:ds-a72024scope:lteversion:1.1.4

Trust: 1.0

vendor:hikvisionmodel:ds-a72072rscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a72048r-cvsscope:lteversion:1.1.4

Trust: 1.0

vendor:hikvisionmodel:ds-a80316sscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a80624sscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a81016sscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a72024scope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a71024scope:lteversion:1.1.4

Trust: 1.0

vendor:hikvisionmodel:ds-a71048scope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a82024dscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a71048r-cvsscope:lteversion:1.1.4

Trust: 1.0

vendor:hikvisionmodel:ds-a71024scope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a71072rscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvision digitalmodel:ds-a72072rscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a71024scope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a71072rscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a81016sscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a72048r-cvsscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a80316sscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a72024scope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a71048r-cvsscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a80624sscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a82024dscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a71048scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012516 // NVD: CVE-2022-28171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28171
value: CRITICAL

Trust: 1.0

hsrc@hikvision.com: CVE-2022-28171
value: HIGH

Trust: 1.0

NVD: CVE-2022-28171
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202206-2629
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-28171
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-28171
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-28171
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

hsrc@hikvision.com: CVE-2022-28171
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-28171
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-28171 // JVNDB: JVNDB-2022-012516 // CNNVD: CNNVD-202206-2629 // NVD: CVE-2022-28171 // NVD: CVE-2022-28171

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012516 // NVD: CVE-2022-28171

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 170818 // CNNVD: CNNVD-202206-2629

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202206-2629

PATCH

title:Hikvision Hybrid SAN/Cluster Storage Fixes for command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=199041

Trust: 0.6

title: - url:https://github.com/NyaMeeEain/CVE-2022-28171-POC

Trust: 0.1

title: - url:https://github.com/khulnasoft-labs/awesome-security

Trust: 0.1

sources: VULMON: CVE-2022-28171 // CNNVD: CNNVD-202206-2629

EXTERNAL IDS

db:NVDid:CVE-2022-28171

Trust: 3.4

db:PACKETSTORMid:170818

Trust: 2.6

db:PACKETSTORMid:173653

Trust: 2.5

db:JVNDBid:JVNDB-2022-012516

Trust: 0.8

db:CXSECURITYid:WLB-2023020008

Trust: 0.6

db:CXSECURITYid:WLB-2023070051

Trust: 0.6

db:CXSECURITYid:WLB-2023070037

Trust: 0.6

db:EXPLOIT-DBid:51607

Trust: 0.6

db:CNNVDid:CNNVD-202206-2629

Trust: 0.6

db:VULMONid:CVE-2022-28171

Trust: 0.1

sources: VULMON: CVE-2022-28171 // JVNDB: JVNDB-2022-012516 // PACKETSTORM: 170818 // CNNVD: CNNVD-202206-2629 // NVD: CVE-2022-28171

REFERENCES

url:http://packetstormsecurity.com/files/170818/hikvision-remote-code-execution-xss-sql-injection.html

Trust: 3.1

url:https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/

Trust: 2.6

url:http://packetstormsecurity.com/files/173653/hikvision-hybrid-san-ds-a71024-sql-injection.html

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-28171

Trust: 0.9

url:https://cxsecurity.com/issue/wlb-2023070037

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2023070051

Trust: 0.6

url:https://www.exploit-db.com/exploits/51607

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2023020008

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-28171/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://github.com/nyameeeain/cve-2022-28171-poc

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28172

Trust: 0.1

url:https://cve.report/cve-2022-28171

Trust: 0.1

url:https://www.hikvision.com

Trust: 0.1

sources: VULMON: CVE-2022-28171 // JVNDB: JVNDB-2022-012516 // PACKETSTORM: 170818 // CNNVD: CNNVD-202206-2629 // NVD: CVE-2022-28171

CREDITS

Thurein Soe

Trust: 0.7

sources: PACKETSTORM: 170818 // CNNVD: CNNVD-202206-2629

SOURCES

db:VULMONid:CVE-2022-28171
db:JVNDBid:JVNDB-2022-012516
db:PACKETSTORMid:170818
db:CNNVDid:CNNVD-202206-2629
db:NVDid:CVE-2022-28171

LAST UPDATE DATE

2024-08-14T14:49:43.400000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-28171date:2023-08-02T00:00:00
db:JVNDBid:JVNDB-2022-012516date:2023-08-30T08:19:00
db:CNNVDid:CNNVD-202206-2629date:2023-07-24T00:00:00
db:NVDid:CVE-2022-28171date:2023-08-02T17:21:06.843

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-28171date:2022-06-27T00:00:00
db:JVNDBid:JVNDB-2022-012516date:2023-08-30T00:00:00
db:PACKETSTORMid:170818date:2023-01-31T17:17:22
db:CNNVDid:CNNVD-202206-2629date:2022-06-27T00:00:00
db:NVDid:CVE-2022-28171date:2022-06-27T18:15:09.033