Sign-up

ID

VAR-202206-2091


CVE

CVE-2022-28172


TITLE

plural  Hangzhou Hikvision Digital Technology  Cross-site scripting vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-012515

DESCRIPTION

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device. ds-a71024 firmware, ds-a71048 firmware, ds-a71072r firmware etc. Hangzhou Hikvision Digital Technology A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with. Detailed Information ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Product Name: Hikvision Vendor Home Page: https://www.hikvision.com Fixed Version: fixed versions were released by Hikvision Vulnerability Type: CWE-78,89 and 94 CVE Numbers: CVE-2022-28171-CVE-2022-28172 Author of Advisory: Thurein Soe ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vendor Description: Hikvision is a world-leading surveillance manufacturer and supplier of video surveillance and Internet of Things (IoT) equipment for civilian and military purposes. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vulnerability description: Some Hikvision Hybrid SAN Products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including Reflected XSS, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands etc. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vulnerable Versions: Ds-a71024 Firmware Ds-a71024 Firmware Ds-a71048r-cvs Firmware Ds-a71048 Firmware Ds-a71072r Firmware Ds-a71072r Firmware Ds-a72024 Firmware Ds-a72024 Firmware Ds-a72048r-cvs Firmware Ds-a72072r Firmware Ds-a80316s Firmware Ds-a80624s Firmware Ds-a81016s Firmware Ds-a82024d Firmware Ds-a71048r-cvs Ds-a71024 Ds-a71048 Ds-a71072r Ds-a80624s Ds-a82024d Ds-a80316s Ds-a81016s ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Credits: Thurein Soe ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ References: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/ https://cve.report/CVE-2022-28171 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Timeline: 11 March 2022: Found security vulnerabilities in a few Hikvision Hybrid SAN Products 23 March 2022: Reported the finding to Hikvision Security Response Center (HSRC) team 24 March 2022: Hikvision Security Response Center (HSRC) team requested further details of reproduction steps and remediation 25 March 2022: Further details of reproduction and remediation steps sent to the Hikvision Security Response Center (HSRC) team 26 March 2022: Hikvision Security Response Center (HSRC) team agreed to issue only two CVEs due to multiple vulnerabilities in a single parameter 22 June 2022: Hikvision Release the Initial fixed Version for the affected products in June 2022. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2022-28172 // JVNDB: JVNDB-2022-012515 // VULMON: CVE-2022-28172 // PACKETSTORM: 170818

AFFECTED PRODUCTS

vendor:hikvisionmodel:ds-a72024scope:lteversion:1.1.4

Trust: 1.0

vendor:hikvisionmodel:ds-a72072rscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a72048r-cvsscope:lteversion:1.1.4

Trust: 1.0

vendor:hikvisionmodel:ds-a80316sscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a80624sscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a81016sscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a72024scope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a71024scope:lteversion:1.1.4

Trust: 1.0

vendor:hikvisionmodel:ds-a71048scope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a82024dscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a71048r-cvsscope:lteversion:1.1.4

Trust: 1.0

vendor:hikvisionmodel:ds-a71024scope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvisionmodel:ds-a71072rscope:lteversion:2.3.8-6

Trust: 1.0

vendor:hikvision digitalmodel:ds-a72072rscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a71024scope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a71072rscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a81016sscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a72048r-cvsscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a80316sscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a72024scope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a71048r-cvsscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a80624sscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a82024dscope: - version: -

Trust: 0.8

vendor:hikvision digitalmodel:ds-a71048scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012515 // NVD: CVE-2022-28172

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-28172
value: MEDIUM

Trust: 1.0

hsrc@hikvision.com: CVE-2022-28172
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-28172
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202206-2627
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-28172
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-28172
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2022-28172
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

hsrc@hikvision.com: CVE-2022-28172
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-28172
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-28172 // JVNDB: JVNDB-2022-012515 // CNNVD: CNNVD-202206-2627 // NVD: CVE-2022-28172 // NVD: CVE-2022-28172

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012515 // NVD: CVE-2022-28172

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 170818 // CNNVD: CNNVD-202206-2627

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202206-2627

PATCH

title:Hikvision Hybrid SAN/Cluster Storage Fixes for cross-site scripting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=199039

Trust: 0.6

sources: CNNVD: CNNVD-202206-2627

EXTERNAL IDS

db:NVDid:CVE-2022-28172

Trust: 3.4

db:PACKETSTORMid:170818

Trust: 2.5

db:JVNDBid:JVNDB-2022-012515

Trust: 0.8

db:CXSECURITYid:WLB-2023020008

Trust: 0.6

db:CNNVDid:CNNVD-202206-2627

Trust: 0.6

db:VULMONid:CVE-2022-28172

Trust: 0.1

sources: VULMON: CVE-2022-28172 // JVNDB: JVNDB-2022-012515 // PACKETSTORM: 170818 // CNNVD: CNNVD-202206-2627 // NVD: CVE-2022-28172

REFERENCES

url:http://packetstormsecurity.com/files/170818/hikvision-remote-code-execution-xss-sql-injection.html

Trust: 3.0

url:https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-28172

Trust: 0.9

url:https://cxsecurity.com/issue/wlb-2023020008

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-28172/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28171

Trust: 0.1

url:https://cve.report/cve-2022-28171

Trust: 0.1

url:https://www.hikvision.com

Trust: 0.1

sources: VULMON: CVE-2022-28172 // JVNDB: JVNDB-2022-012515 // PACKETSTORM: 170818 // CNNVD: CNNVD-202206-2627 // NVD: CVE-2022-28172

CREDITS

Thurein Soe

Trust: 0.7

sources: PACKETSTORM: 170818 // CNNVD: CNNVD-202206-2627

SOURCES

db:VULMONid:CVE-2022-28172
db:JVNDBid:JVNDB-2022-012515
db:PACKETSTORMid:170818
db:CNNVDid:CNNVD-202206-2627
db:NVDid:CVE-2022-28172

LAST UPDATE DATE

2024-08-14T14:49:43.432000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-28172date:2022-07-07T00:00:00
db:JVNDBid:JVNDB-2022-012515date:2023-08-30T08:19:00
db:CNNVDid:CNNVD-202206-2627date:2023-02-03T00:00:00
db:NVDid:CVE-2022-28172date:2023-02-23T17:32:01.983

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-28172date:2022-06-27T00:00:00
db:JVNDBid:JVNDB-2022-012515date:2023-08-30T00:00:00
db:PACKETSTORMid:170818date:2023-01-31T17:17:22
db:CNNVDid:CNNVD-202206-2627date:2022-06-27T00:00:00
db:NVDid:CVE-2022-28172date:2022-06-27T18:15:09.103