CVE-2023-6894 in Intercom Broadcasting System
Summary
by MITRE • 12/17/2023
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 01/11/2024
The vulnerability identified as CVE-2023-6894 resides within the Hikvision Intercom Broadcasting System version 3.0.3_20201113_RELEASE, specifically targeting the Log File Handler component located in the access/html/system.html file. This issue represents a significant security concern as it enables unauthorized information disclosure through a flaw in the system's access control mechanisms. The vulnerability's classification as problematic indicates that it poses a real threat to system integrity and data confidentiality, particularly given that public exploitation methods have been documented and made available.
The technical flaw manifests in the improper handling of log file access within the system's web interface, where the system fails to adequately validate or restrict access to sensitive system information. This weakness allows attackers to potentially extract confidential data that should be protected from unauthorized access, creating a pathway for information disclosure attacks that could reveal system configurations, user data, or other sensitive operational details. The vulnerability's impact extends beyond simple data exposure as it undermines the fundamental security assumptions of the system's access controls.
From an operational standpoint, this vulnerability creates substantial risk for organizations relying on Hikvision intercom systems, particularly those in security-sensitive environments where unauthorized access to system logs could compromise surveillance operations or reveal critical infrastructure information. The disclosure of this exploit means that malicious actors can readily leverage this weakness without requiring advanced technical skills, making it particularly dangerous in production environments. The affected system component's role in handling system logs makes this vulnerability especially concerning as log files often contain sensitive operational data that could be used for further attacks or system compromise.
The recommended mitigation strategy involves upgrading to version 4.1.0 of the affected system, which addresses the information disclosure vulnerability through improved access controls and proper validation of log file access requests. Organizations should prioritize this upgrade as a critical security measure, particularly given the public availability of exploitation methods. This vulnerability aligns with CWE-200, which covers "Information Exposure," and may also relate to CWE-284, "Improper Access Control," depending on the specific implementation details. The ATT&CK framework would categorize this vulnerability under T1071.004, "Application Layer Protocol: DNS," if the exploitation involves DNS-based information gathering, or potentially T1566, "Phishing," if attackers use the disclosed information for social engineering purposes. Organizations should also implement additional monitoring of log file access patterns and consider network segmentation to limit potential impact should the vulnerability be exploited despite the upgrade.