8.8
HIGH
CVE-2017-7923
Hikvision Configuration File Password Exposure Vulnerability
Description

A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.

INFO

Published Date :

May 6, 2017, 12:29 a.m.

Last Modified :

Nov. 21, 2024, 3:32 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

2.8
Affected Products

The following products are affected by CVE-2017-7923 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Hikvision ds-2cd2032-i_firmware
2 Hikvision ds-2cd2112-i_firmware
3 Hikvision ds-2cd2132-i_firmware
4 Hikvision ds-2cd2212-i5_firmware
5 Hikvision ds-2cd2232-i5_firmware
6 Hikvision ds-2cd2312-i_firmware
7 Hikvision ds-2cd2332-i_firmware
8 Hikvision ds-2cd2412f-i\(w\)_firmware
9 Hikvision ds-2cd2432f-i\(w\)_firmware
10 Hikvision ds-2cd2512f-i\(s\)_firmware
11 Hikvision ds-2cd2532f-i\(s\)_firmware
12 Hikvision ds-2cd2612f-i\(s\)_firmware
13 Hikvision ds-2cd2632f-i\(s\)_firmware
14 Hikvision ds-2cd2712f-i\(s\)_firmware
15 Hikvision ds-2cd2732f-i\(s\)_firmware
16 Hikvision ds-2cd2t32-i3_firmware
17 Hikvision ds-2cd2t32-i5_firmware
18 Hikvision ds-2cd2t32-i8_firmware
19 Hikvision ds-2cd4012f-\(a\)_firmware
20 Hikvision ds-2cd4012f-\(p\)_firmware
21 Hikvision ds-2cd4012f-\(w\)_firmware
22 Hikvision ds-2cd4012fwd-\(a\)_firmware
23 Hikvision ds-2cd4012fwd-\(p\)_firmware
24 Hikvision ds-2cd4012fwd-\(w\)_firmware
25 Hikvision ds-2cd4024f-\(a\)_firmware
26 Hikvision ds-2cd4024f-\(p\)_firmware
27 Hikvision ds-2cd4024f-\(w\)_firmware
28 Hikvision ds-2cd4032fwd-\(a\)_firmware
29 Hikvision ds-2cd4032fwd-\(p\)_firmware
30 Hikvision ds-2cd4032fwd-\(w\)_firmware
31 Hikvision ds-2cd4112f-i\(z\)_firmware
32 Hikvision ds-2cd4112fwd-i\(z\)_firmware
33 Hikvision ds-2cd4124f-i\(z\)_firmware
34 Hikvision ds-2cd4132fwd-i\(z\)_firmware
35 Hikvision ds-2cd4212f-i\(h\)_firmware
36 Hikvision ds-2cd4212f-i\(s\)_firmware
37 Hikvision ds-2cd4212f-i\(z\)_firmware
38 Hikvision ds-2cd4212fwd-i\(h\)_firmware
39 Hikvision ds-2cd4212fwd-i\(s\)_firmware
40 Hikvision ds-2cd4212fwd-i\(z\)_firmware
41 Hikvision ds-2cd4224f-i\(h\)_firmware
42 Hikvision ds-2cd4224f-i\(s\)_firmware
43 Hikvision ds-2cd4224f-i\(z\)_firmware
44 Hikvision ds-2cd4232fwd-i\(h\)_firmware
45 Hikvision ds-2cd4232fwd-i\(s\)_firmware
46 Hikvision ds-2cd4232fwd-i\(z\)_firmware
47 Hikvision ds-2cd4312f-i\(h\)_firmware
48 Hikvision ds-2cd4312f-i\(s\)_firmware
49 Hikvision ds-2cd4312f-i\(z\)_firmware
50 Hikvision ds-2cd4324f-i\(h\)_firmware
51 Hikvision ds-2cd4324f-i\(s\)_firmware
52 Hikvision ds-2cd4324f-i\(z\)_firmware
53 Hikvision ds-2cd4332fwd-i\(h\)_firmware
54 Hikvision ds-2cd4332fwd-i\(s\)_firmware
55 Hikvision ds-2cd4332fwd-i\(z\)_firmware
56 Hikvision ds-2cd6412fwd_firmware
57 Hikvision ds-2dfx_series_firmware
58 Hikvision ds-2cd63xx_series_firmware
59 Hikvision ds-2cd2032-i
60 Hikvision ds-2cd2112-i
61 Hikvision ds-2cd2132-i
62 Hikvision ds-2cd2212-i5
63 Hikvision ds-2cd2232-i5
64 Hikvision ds-2cd2312-i
65 Hikvision ds-2cd2332-i
66 Hikvision ds-2cd2412f-i\(w\)
67 Hikvision ds-2cd2432f-i\(w\)
68 Hikvision ds-2cd2512f-i\(s\)
69 Hikvision ds-2cd2532f-i\(s\)
70 Hikvision ds-2cd2612f-i\(s\)
71 Hikvision ds-2cd2632f-i\(s\)
72 Hikvision ds-2cd2712f-i\(s\)
73 Hikvision ds-2cd2732f-i\(s\)
74 Hikvision ds-2cd2t32-i3
75 Hikvision ds-2cd2t32-i5
76 Hikvision ds-2cd2t32-i8
77 Hikvision ds-2cd4012f-\(a\)
78 Hikvision ds-2cd4012f-\(p\)
79 Hikvision ds-2cd4012f-\(w\)
80 Hikvision ds-2cd4012fwd-\(a\)
81 Hikvision ds-2cd4012fwd-\(p\)
82 Hikvision ds-2cd4012fwd-\(w\)
83 Hikvision ds-2cd4024f-\(a\)
84 Hikvision ds-2cd4024f-\(p\)
85 Hikvision ds-2cd4024f-\(w\)
86 Hikvision ds-2cd4032fwd-\(a\)
87 Hikvision ds-2cd4032fwd-\(p\)
88 Hikvision ds-2cd4032fwd-\(w\)
89 Hikvision ds-2cd4112f-i\(z\)
90 Hikvision ds-2cd4112fwd-i\(z\)
91 Hikvision ds-2cd4124f-i\(z\)
92 Hikvision ds-2cd4132fwd-i\(z\)
93 Hikvision ds-2cd4212f-i\(h\)
94 Hikvision ds-2cd4212f-i\(s\)
95 Hikvision ds-2cd4212f-i\(z\)
96 Hikvision ds-2cd4212fwd-i\(h\)
97 Hikvision ds-2cd4212fwd-i\(s\)
98 Hikvision ds-2cd4212fwd-i\(z\)
99 Hikvision ds-2cd4224f-i\(h\)
100 Hikvision ds-2cd4224f-i\(s\)
101 Hikvision ds-2cd4224f-i\(z\)
102 Hikvision ds-2cd4232fwd-i\(h\)
103 Hikvision ds-2cd4232fwd-i\(s\)
104 Hikvision ds-2cd4232fwd-i\(z\)
105 Hikvision ds-2cd4312f-i\(h\)
106 Hikvision ds-2cd4312f-i\(s\)
107 Hikvision ds-2cd4312f-i\(z\)
108 Hikvision ds-2cd4324f-i\(h\)
109 Hikvision ds-2cd4324f-i\(s\)
110 Hikvision ds-2cd4324f-i\(z\)
111 Hikvision ds-2cd4332fwd-i\(h\)
112 Hikvision ds-2cd4332fwd-i\(s\)
113 Hikvision ds-2cd4332fwd-i\(z\)
114 Hikvision ds-2cd6412fwd
115 Hikvision ds-2dfx_series
116 Hikvision ds-2cd63xx_series
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-7923.

URL Resource
http://www.hikvision.com/us/about_10807.html Patch Vendor Advisory
http://www.securityfocus.com/bid/98313 Third Party Advisory VDB Entry
https://ghostbin.com/paste/q2vq2
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 Third Party Advisory US Government Resource
http://www.hikvision.com/us/about_10807.html Patch Vendor Advisory
http://www.securityfocus.com/bid/98313 Third Party Advisory VDB Entry
https://ghostbin.com/paste/q2vq2
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 Third Party Advisory US Government Resource

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-7923 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2017-7923 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://www.hikvision.com/us/about_10807.html
    Added Reference http://www.securityfocus.com/bid/98313
    Added Reference https://ghostbin.com/paste/q2vq2
    Added Reference https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Oct. 09, 2019

    Action Type Old Value New Value
    Added CWE ICS-CERT CWE-260
  • CVE Modified by [email protected]

    Dec. 19, 2017

    Action Type Old Value New Value
    Added Reference https://ghostbin.com/paste/q2vq2 [No Types Assigned]
  • Initial Analysis by [email protected]

    May. 18, 2017

    Action Type Old Value New Value
    Added CVSS V2 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
    Added CVSS V3 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 No Types Assigned https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 Third Party Advisory, US Government Resource
    Changed Reference Type http://www.securityfocus.com/bid/98313 No Types Assigned http://www.securityfocus.com/bid/98313 Third Party Advisory, VDB Entry
    Changed Reference Type http://www.hikvision.com/us/about_10807.html No Types Assigned http://www.hikvision.com/us/about_10807.html Patch, Vendor Advisory
    Added CWE CWE-200
    Added CPE Configuration AND OR *cpe:2.3:o:hikvision:ds-2cd2032-i_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2112-i_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2132-i_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2212-i5_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2232-i5_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2312-i_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2332-i_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2412f-i\(w\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2432f-i\(w\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2512f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2532f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2612f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2632f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2712f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2732f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2t32-i3_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2t32-i5_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd2t32-i8_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4012f-\(a\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4012f-\(p\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4012f-\(w\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4012fwd-\(a\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4012fwd-\(p\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4012fwd-\(w\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4024f-\(a\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4024f-\(p\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4024f-\(w\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4032fwd-\(a\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4032fwd-\(p\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4032fwd-\(w\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4112f-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4112fwd-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4124f-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4132fwd-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4212f-i\(h\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4212f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4212f-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4212fwd-i\(h\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4212fwd-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4212fwd-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4224f-i\(h\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4224f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4224f-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4232fwd-i\(h\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4232fwd-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4232fwd-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4312f-i\(h\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4312f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4312f-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4324f-i\(h\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4324f-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4324f-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4332fwd-i\(h\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4332fwd-i\(s\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd4332fwd-i\(z\)_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:hikvision:ds-2cd6412fwd_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hikvision:ds-2cd2032-i:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2112-i:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2132-i:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2212-i5:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2232-i5:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2312-i:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2332-i:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2412f-i\(w\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2432f-i\(w\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2512f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2532f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2612f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2632f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2712f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2732f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2t32-i3:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2t32-i5:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd2t32-i8:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4012f-\(a\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4012f-\(p\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4012f-\(w\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4012fwd-\(a\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4012fwd-\(p\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4012fwd-\(w\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4024f-\(a\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4024f-\(p\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4024f-\(w\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4032fwd-\(a\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4032fwd-\(p\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4032fwd-\(w\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4112f-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4112fwd-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4124f-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4132fwd-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4212f-i\(h\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4212f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4212f-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4212fwd-i\(h\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4212fwd-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4212fwd-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4224f-i\(h\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4224f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4224f-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4232fwd-i\(h\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4232fwd-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4232fwd-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4312f-i\(h\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4312f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4312f-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4324f-i\(h\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4324f-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4324f-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4332fwd-i\(h\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4332fwd-i\(s\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd4332fwd-i\(z\):-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-2cd6412fwd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hikvision:ds-2dfx_series_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hikvision:ds-2dfx_series:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hikvision:ds-2cd63xx_series_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hikvision:ds-2cd63xx_series:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    May. 09, 2017

    Action Type Old Value New Value
    Added Reference http://www.securityfocus.com/bid/98313 [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2017-7923 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2017-7923 weaknesses.

CAPEC-13: Subverting Environment Variable Values Subverting Environment Variable Values CAPEC-22: Exploiting Trust in Client Exploiting Trust in Client CAPEC-59: Session Credential Falsification through Prediction Session Credential Falsification through Prediction CAPEC-60: Reusing Session IDs (aka Session Replay) Reusing Session IDs (aka Session Replay) CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-116: Excavation Excavation CAPEC-169: Footprinting Footprinting CAPEC-224: Fingerprinting Fingerprinting CAPEC-285: ICMP Echo Request Ping ICMP Echo Request Ping CAPEC-287: TCP SYN Scan TCP SYN Scan CAPEC-290: Enumerate Mail Exchange (MX) Records Enumerate Mail Exchange (MX) Records CAPEC-291: DNS Zone Transfers DNS Zone Transfers CAPEC-292: Host Discovery Host Discovery CAPEC-293: Traceroute Route Enumeration Traceroute Route Enumeration CAPEC-294: ICMP Address Mask Request ICMP Address Mask Request CAPEC-295: Timestamp Request Timestamp Request CAPEC-296: ICMP Information Request ICMP Information Request CAPEC-297: TCP ACK Ping TCP ACK Ping CAPEC-298: UDP Ping UDP Ping CAPEC-299: TCP SYN Ping TCP SYN Ping CAPEC-300: Port Scanning Port Scanning CAPEC-301: TCP Connect Scan TCP Connect Scan CAPEC-302: TCP FIN Scan TCP FIN Scan CAPEC-303: TCP Xmas Scan TCP Xmas Scan CAPEC-304: TCP Null Scan TCP Null Scan CAPEC-305: TCP ACK Scan TCP ACK Scan CAPEC-306: TCP Window Scan TCP Window Scan CAPEC-307: TCP RPC Scan TCP RPC Scan CAPEC-308: UDP Scan UDP Scan CAPEC-309: Network Topology Mapping Network Topology Mapping CAPEC-310: Scanning for Vulnerable Software Scanning for Vulnerable Software CAPEC-312: Active OS Fingerprinting Active OS Fingerprinting CAPEC-313: Passive OS Fingerprinting Passive OS Fingerprinting CAPEC-317: IP ID Sequencing Probe IP ID Sequencing Probe CAPEC-318: IP 'ID' Echoed Byte-Order Probe IP 'ID' Echoed Byte-Order Probe CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe IP (DF) 'Don't Fragment Bit' Echoing Probe CAPEC-320: TCP Timestamp Probe TCP Timestamp Probe CAPEC-321: TCP Sequence Number Probe TCP Sequence Number Probe CAPEC-322: TCP (ISN) Greatest Common Divisor Probe TCP (ISN) Greatest Common Divisor Probe CAPEC-323: TCP (ISN) Counter Rate Probe TCP (ISN) Counter Rate Probe CAPEC-324: TCP (ISN) Sequence Predictability Probe TCP (ISN) Sequence Predictability Probe CAPEC-325: TCP Congestion Control Flag (ECN) Probe TCP Congestion Control Flag (ECN) Probe CAPEC-326: TCP Initial Window Size Probe TCP Initial Window Size Probe CAPEC-327: TCP Options Probe TCP Options Probe CAPEC-328: TCP 'RST' Flag Checksum Probe TCP 'RST' Flag Checksum Probe CAPEC-329: ICMP Error Message Quoting Probe ICMP Error Message Quoting Probe CAPEC-330: ICMP Error Message Echoing Integrity Probe ICMP Error Message Echoing Integrity Probe CAPEC-472: Browser Fingerprinting Browser Fingerprinting CAPEC-497: File Discovery File Discovery CAPEC-508: Shoulder Surfing Shoulder Surfing CAPEC-573: Process Footprinting Process Footprinting CAPEC-574: Services Footprinting Services Footprinting CAPEC-575: Account Footprinting Account Footprinting CAPEC-576: Group Permission Footprinting Group Permission Footprinting CAPEC-577: Owner Footprinting Owner Footprinting CAPEC-616: Establish Rogue Location Establish Rogue Location CAPEC-643: Identify Shared Files/Directories on System Identify Shared Files/Directories on System CAPEC-646: Peripheral Footprinting Peripheral Footprinting CAPEC-651: Eavesdropping Eavesdropping
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.22 }} -0.01%

score

0.59770

percentile

CVSS30 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability