Lucene search

HikvisionCVELIST:CVE-2023-28812

HistoryNov 23, 2023 - 8:35 a.m.

CVE-2023-28812

2023-11-2308:35:01

hikvision

www.cve.org

buffer overflow

web browser

plug-in

crafted messages

arbitrary code execution

process exception

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.9%

JSON

There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.

CNA Affected

[
  {
    "vendor": "Hikvision",
    "product": "LocalServiceComponents",
    "versions": [
      {
        "version": "version 1.0.0.78 and the versions prior to it",
        "status": "affected"
      }
    ]
  }
]

References

www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.9%

JSON

Related for CVELIST:CVE-2023-28812