Vulnerability Details : CVE-2023-6894
Potential exploit
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability.
Vulnerability category: Information leak
Products affected by CVE-2023-6894
- cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6894
- 0.12%: Probability of exploitation activity in the next 30 days
- ~ 46%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6894
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N | 6.5 | 2.9 | VulDB | |
4.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | VulDB | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2023-6894
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: cna@vuldb.com (Secondary)
References for CVE-2023-6894
- https://vuldb.com/?id.248253
  CVE-2023-6894: Hikvision Intercom Broadcasting System Log File system.html information disclosure (Third Party Advisory)
- https://github.com/willchen0011/cve/blob/main/unaccess.md
  cve/unaccess.md at main · Beatriz-ai-boop/cve · GitHub (Exploit; Third Party Advisory)
- https://vuldb.com/?ctiid.248253
  CVE-2023-6894: Hikvision Intercom Broadcasting System Log File system.html information disclosure (Permissions Required; Third Party Advisory)