Overview
Hikvision IP camera devices contain improper authentication vulnerabilities in multiple product series that allow malicious users with network access to escalate privileges and access sensitive information. The vulnerability exists due to inadequate user authentication mechanisms in the firmware. The vulnerability was disclosed on May 6, 2017. CISA has identified CVE-2017-7921 as exploited, but it is not currently known to be used in ransomware campaigns.
Technical details
Hikvision IP camera devices across multiple product lines contain improper authentication vulnerabilities in their firmware versions. The vulnerability stems from inadequate authentication mechanisms that fail to properly validate user credentials and enforce appropriate access controls. This allows attackers with network access to the device to bypass authentication controls, escalate their privileges, and gain unauthorized access to sensitive information including video streams, configuration data, and system logs.
The vulnerability is classified as CWE-287 (Improper Authentication), CWE-269 (Improper Access Control) and CWE-640 (Weak Password Recovery Mechanism for Forgotten Password).
The vulnerability received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating its critical nature.
Impact
Successful exploitation allows attackers to completely compromise affected Hikvision IP camera devices. Attackers can escalate privileges from an unauthenticated state to administrative access, enabling them to: (1) Access and view video streams and recorded footage; (2) Modify device configuration and settings; (3) Extract sensitive information including system logs and credentials; (4) Disable security features; (5) Potentially pivot into the network where the camera is deployed; (6) Create or modify user accounts for persistent access. Given that these devices are often deployed in critical surveillance infrastructure for banks, government facilities, airports, and other sensitive locations, the impact extends beyond individual device compromise to potential reconnaissance for larger infrastructure attacks.
Mitigation and workarounds
1. Download the appropriate firmware version from Hikvision's official support portal for your specific device model
2. Connect to the device's web management interface using a valid administrator account
3. Navigate to System > Firmware Upgrade
4. Select the downloaded firmware file and initiate the upgrade process
5. Allow the device to reboot (this may take several minutes)
6. Verify the upgrade was successful by checking the firmware version in System Information
7. After upgrading, reset user credentials and review access control policies
8. Consider resetting the device to factory defaults and reconfiguring if compromise is suspected

The following versions include the necessary fixes: DS-2CD2xx2F-I Series: V5.4.1 and later, DS-2CD2xx0F-I Series: V5.4.1 and later, DS-2CD2xx2FWD Series: V5.4.5 and later, DS-2CD4x2xFWD Series: V5.4.1 and later, DS-2CD4xx5 Series: V5.4.1 and later, DS-2DFx Series: V5.4.6 and later, DS-2CD63xx Series: V5.3.6 and later.
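An added example, not part of the original advisory or any vendor tool: a Python check of a camera inventory against the fixed-version list above. It assumes each "x" in a series name stands for one digit, that the series name is a prefix of the full model string, and that firmware strings contain a dotted three-part version; the inventory is constructed sample data.

```python
import re

# Series -> first fixed firmware version, copied from the list in this advisory.
FIXED = {
    "DS-2CD2xx2F-I": "V5.4.1",
    "DS-2CD2xx0F-I": "V5.4.1",
    "DS-2CD2xx2FWD": "V5.4.5",
    "DS-2CD4x2xFWD": "V5.4.1",
    "DS-2CD4xx5": "V5.4.1",
    "DS-2DFx": "V5.4.6",
    "DS-2CD63xx": "V5.3.6",
}

def parse_version(text):
    """Return (major, minor, patch) from text such as 'V5.4.1 build 170123'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())

def series_regex(series):
    # Assumption: each lowercase 'x' stands for one digit and the series name
    # is a prefix of the full model string (suffixes such as '-I' may follow).
    return re.compile("".join(r"\d" if c == "x" else re.escape(c) for c in series))

def check(model, firmware):
    """Classify a device as 'patched', 'vulnerable' or 'unlisted'."""
    name = model.strip().upper()
    needed = [parse_version(v) for s, v in FIXED.items() if series_regex(s).match(name)]
    if not needed:
        return "unlisted"  # not in this advisory's list; check the vendor notice
    # Compare numerically (so 5.10.0 > 5.4.1) against the strictest match.
    return "patched" if parse_version(firmware) >= max(needed) else "vulnerable"

def triage(inventory):
    """Return the hosts whose firmware is older than the fixed version."""
    return [host for host, model, fw in inventory if check(model, fw) == "vulnerable"]

# Constructed sample inventory (documentation addresses, illustrative versions).
INVENTORY = [
    ("192.0.2.10", "DS-2CD2032F-I", "V5.4.0 build 160401"),
    ("192.0.2.11", "DS-2CD2142FWD-I", "V5.4.5 build 170123"),
    ("192.0.2.12", "DS-2CD6362F-I", "V5.3.5 build 160530"),
    ("192.0.2.13", "DS-7608NI-E2", "V3.4.0 build 150929"),
]

if __name__ == "__main__":
    print(triage(INVENTORY))
```

Devices reported as "unlisted" are outside the series named here and need to be checked against the vendor's own notice rather than assumed safe.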
As temporary workarounds: implement network segmentation to restrict access to Hikvision devices, deploying the cameras on an isolated VLAN with strict access control lists (ACLs) limiting connections to only authorized management stations and video recording systems; deploy a firewall or intrusion prevention system (IPS) configured to monitor and block suspicious authentication attempts and privilege escalation attempts to Hikvision devices; disable the web management interface if it is not required and access the device only through local connections when possible; and implement strong network-level authentication and encryption (VPN, TLS 1.2+) for any administrative access to affected devices.
CISA recommendation: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional resources
Source: This report was generated by AI

