CISA KEV 정보
| 취약점명 | Hikvision Multiple Products Improper Authentication Vulnerability |
|---|---|
| 설명 | Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. |
| 조치사항 | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-287 |
| 등록일 (KEV) | 2026-03-05 |
| 조치 기한 | 2026-03-26 |
| 추가 참고 | https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921 |
NVD 상세 정보
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAV:N/AC:L/Au:N/C:P/I:P/A:P설명: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
CWE: CWE-287 | CWE-287
참조
- http://www.hikvision.com/us/about_10805.html [Patch, Vendor Advisory]
- http://www.securityfocus.com/bid/98313 [Third Party Advisory, VDB Entry]
- https://ghostbin.com/paste/q2vq2
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 [Third Party Advisory, US Government Resource]
- http://www.hikvision.com/us/about_10805.html [Patch, Vendor Advisory]
- http://www.securityfocus.com/bid/98313 [Third Party Advisory, VDB Entry]
- https://ghostbin.com/paste/q2vq2
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 [Third Party Advisory, US Government Resource]
- https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20170314/
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--privilege-escalating-vulnerability-in-cer/
- https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7921
This product uses the NVD API but is not endorsed or certified by the NVD.