Lucene search

[email protected]NVD:CVE-2023-28812

HistoryNov 23, 2023 - 9:15 a.m.

CVE-2023-28812

2023-11-2309:15:32

CWE-120

[email protected]

web.nvd.nist.gov

buffer overflow

web browser

arbitrary code execution

vulnerability

crafted messages

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

48.9%

JSON

There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.

Affected configurations

NVD

Node

hikvisionlocalservicecomponentsRange≤1.0.0.78

References

www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

48.9%

JSON

Related for NVD:CVE-2023-28812

prion1 cve1 cvelist1