CVE-2023-28812 - Vulnerability Details - OpenCVE

There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Hikvision	Localservicecomponents

Configuration 1 [-]

cpe:2.3:a:hikvision:localservicecomponents:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/

History

Mon, 02 Dec 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: hikvision

Published: 2023-11-23T08:35:01.739Z

Updated: 2024-12-02T19:42:18.930Z

Reserved: 2023-03-23T19:49:08.440Z

Link: CVE-2023-28812

Vulnrichment

Updated: 2024-08-02T13:51:38.527Z

NVD

Status : Modified

Published: 2023-11-23T09:15:32.930

Modified: 2024-11-21T07:56:04.180

Link: CVE-2023-28812

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28812", "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "state": "PUBLISHED", "assignerShortName": "hikvision", "dateReserved": "2023-03-23T19:49:08.440Z", "datePublished": "2023-11-23T08:35:01.739Z", "dateUpdated": "2024-12-02T19:42:18.930Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in."}], "affected": [{"vendor": "Hikvision", "product": "LocalServiceComponents", "versions": [{"version": "version 1.0.0.78 and the versions prior to it", "status": "affected"}]}], "references": [{"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/"}], "credits": [{"lang": "en", "value": "KITRI BoB 12th", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}}], "providerMetadata": {"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "shortName": "hikvision", "dateUpdated": "2024-07-15T00:27:54.327174Z"}, "x_generator": {"engine": "cveClient/1.0.15"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-02T19:41:44.704597Z", "id": "CVE-2023-28812", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T19:42:18.930Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.527Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28812", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-02T19:41:44.704597Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T19:41:56.173Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "KITRI BoB 12th"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hikvision", "product": "LocalServiceComponents", "versions": [{"status": "affected", "version": "version 1.0.0.78 and the versions prior to it"}]}], "references": [{"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in."}], "providerMetadata": {"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "shortName": "hikvision", "dateUpdated": "2024-07-15T00:27:54.327174Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28812", "state": "PUBLISHED", "dateUpdated": "2024-12-02T19:42:18.930Z", "dateReserved": "2023-03-23T19:49:08.440Z", "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "datePublished": "2023-11-23T08:35:01.739Z", "assignerShortName": "hikvision"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hikvision:localservicecomponents:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D87F15-B878-4801-8095-57D968B98267", "versionEndIncluding": "1.0.0.78", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en un complemento del navegador web que podr\u00eda permitir que un atacante aproveche la vulnerabilidad enviando mensajes manipulados a las maquinas instaladas con este complemento, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario o provocar una excepci\u00f3n en el proceso del complemento."}], "id": "CVE-2023-28812", "lastModified": "2024-11-21T07:56:04.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "hsrc@hikvision.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-23T09:15:32.930", "references": [{"source": "hsrc@hikvision.com", "tags": ["Vendor Advisory"], "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-web-browser-plug-in-locals/"}], "sourceIdentifier": "hsrc@hikvision.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}