Hikvision Multiple Products Command Injection (CVE-2021-36260)

critical Tenable OT Security Plugin ID 502303

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?fdaf1c58

http://www.nessus.org/u?946d8cfc

http://www.nessus.org/u?b59bc082

http://www.nessus.org/u?d42142cf

http://www.nessus.org/u?2e8d8826

Plugin Details

Severity: Critical

ID: 502303

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 7/22/2024

Updated: 7/22/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-36260

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:hikvision:ds-2cvx1_series, cpe:/o:hikvision:ds-2cd2x27g1_series, cpe:/o:hikvision:ds-hilooki-nvr-1xmhx-c%28c%29_series, cpe:/o:hikvision:ds-2td81x-x%2fv2_series, cpe:/o:hikvision:ds-hilooki-nvr-2xmhx-c%28c%29_series, cpe:/o:hikvision:ds-2cd2x21g1%28c%29_series, cpe:/o:hikvision:ids-2sr8x_series, cpe:/o:hikvision:ds-2se7x_series, cpe:/o:hikvision:ds-hiwatchi-hwn-21xmhx%28c%29_series, cpe:/o:hikvision:ds-2cd2x1g1_series, cpe:/o:hikvision:ids-2dex_series, cpe:/o:hikvision:ds-hiwatchi-hwn-21xhx%28c%29_series, cpe:/o:hikvision:ids-2ptx_series, cpe:/o:hikvision:ids-2cd6810, cpe:/o:hikvision:ds-2cd2x21g0%28c%29_series, cpe:/o:hikvision:ds-2cd3x7g2_series, cpe:/o:hikvision:ds-2cd3x7g2%28c%29_series, cpe:/o:hikvision:ds-2cd4x6_series, cpe:/o:hikvision:ds-2cd1x1_series, cpe:/o:hikvision:ipc-x_series, cpe:/o:hikvision:ds-2cd2x7g2_series, cpe:/o:hikvision:ds-2cd1x53%28b%29_series, cpe:/o:hikvision:ds-2td81x-x%2fwx_series, cpe:/o:hikvision:ds-2cd2x27g3e_series, cpe:/o:hikvision:ds-bx_series, cpe:/o:hikvision:ds-2xc66x5g0_series, cpe:/o:hikvision:ds-2ptx_series, cpe:/o:hikvision:ds-2cd1x7g0_series, cpe:/o:hikvision:ds-2df5x_series, cpe:/o:hikvision:ds-2cd1x43g0e_series, cpe:/o:hikvision:ds-76xni-qx%28c%29_series, cpe:/o:hikvision:ds-2cd2x6g2_series, cpe:/o:hikvision:ds-2cd1x43%28b%29_series, cpe:/o:hikvision:ds-2cd8cx6g0_series, cpe:/o:hikvision:ds-2cd3x3g2_series, cpe:/o:hikvision:ds-hiwatchi-hwn-42xmhx%28c%29_series, cpe:/o:hikvision:ids-2sk7x_series, cpe:/o:hikvision:ds-2dyhx_series, cpe:/o:hikvision:ds-2td62x-x%2fv2_series, cpe:/o:hikvision:ds-76xni-k1x%28c%29_series, cpe:/o:hikvision:ds-2xm6x2fwd_series, cpe:/o:hikvision:ds-2cd4x5g0_series, cpe:/o:hikvision:ds-2cd1x53%28c%29_series, cpe:/o:hikvision:ds-2cd3x6g2%28c%29_series, cpe:/o:hikvision:ds-hilooki-nvr-1xmhx-d%28c%29_series, cpe:/o:hikvision:ds-2cd4x0_series, cpe:/o:hikvision:ds-2cd3x21g0_series, cpe:/o:hikvision:ds-2df6x-cx_series, cpe:/o:hikvision:ds-2cd1x43%28c%29_series, cpe:/o:hikvision:ds-2cd4x6fwd_series, cpe:/o:hikvision:ds-hiwatchi-hwn-41xmhx%28c%29_series, cpe:/o:hikvision:ds-2xe62x2f%28d%29_series, cpe:/o:hikvision:ds-2tbx_series, cpe:/o:hikvision:ids-2xm6810, cpe:/o:hikvision:ds-2cd1x23g0e%28c%29_series, cpe:/o:hikvision:ds-2cd3x7g0e_series, cpe:/o:hikvision:ds-2xe6x5g0_series, cpe:/o:hikvision:ds-2df8x_series, cpe:/o:hikvision:ds-2cd1x23g0_series, cpe:/o:hikvision:ds-2df9x_series, cpe:/o:hikvision:ds-2cd2x3g2_series, cpe:/o:hikvision:ds-2dex_series, cpe:/o:hikvision:ds-71xni-q1x%28c%29_series, cpe:/o:hikvision:ds-2xe6x2f_series, cpe:/o:hikvision:ds-2df6x_series, cpe:/o:hikvision:ds-2cd2x1g0_series, cpe:/o:hikvision:ids-2vsx_series, cpe:/o:hikvision:ds-2cd3x21g0%28c%29_series, cpe:/o:hikvision:ds-2cvx6_series, cpe:/o:hikvision:ds-2cd3x51g0%28c%29_series, cpe:/o:hikvision:ds-2td1x-x_series, cpe:/o:hikvision:ds-2td2x-x_series, cpe:/o:hikvision:ds-2cd2x7g2%28c%29_series, cpe:/o:hikvision:ds-2td4x-x%2fv2_series, cpe:/o:hikvision:ds-2dy9x_series, cpe:/o:hikvision:ds-2xe64x2f%28b%29_series, cpe:/o:hikvision:ids-2pt9x_series, cpe:/o:hikvision:ds-2df7x_series, cpe:/o:hikvision:ds-2td41x-x%2fwx_series, cpe:/o:hikvision:ds-2xm6x2g0_series, cpe:/o:hikvision:ds-2cd2x6g2%28c%29_series, cpe:/o:hikvision:ids-2sk8x_series, cpe:/o:hikvision:ds-2tdxb_series, cpe:/o:hikvision:ds-2td62x-x%2fwx_series, cpe:/o:hikvision:ds-hilooki-nvr-1xhx-d%28c%29_series, cpe:/o:hikvision:ds-2cd3x6g2_series

Required KB Items: Tenable.ot/Hikvision

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/22/2021

Vulnerability Publication Date: 9/22/2021

CISA Known Exploited Vulnerability Due Dates: 1/24/2022

Exploitable With

Metasploit (Hikvision IP Camera Unauthenticated Command Injection)

Reference Information

CVE: CVE-2021-36260