Hikvision Alerts Technology Partners to Vulnerability in Some Products
The company has made patches available on its website to address the vulnerability.
Hikvision reports it’s not aware of the vulnerability being exploited in the field, but is encouraging its partners to work with their customers to install the patch and ensure proper cyber hygiene.
City of Industry, Calif. – Hikvision has issued a notice to its technology partners about a vulnerability in some Hikvision Hybrid SAN\cluster storage products. The company made patches available on its website to address the vulnerability.
Below is the Hikvision letter, which the company sent out to its partners:
April 10, 2023
Dear Valued Partner:
Today, Hikvision has issued the patches (Hybrid SAN, Cluster Storage) available on our website that fix a vulnerability (CVE-2023-28808) in some Hikvision Hybrid SAN\cluster storage products.
Hikvision has rated this vulnerability as 9.1 (critical) using the CVSS v3.1 calculator. The list of products affected by the vulnerability can be accessed on our website. While Hikvision is not aware of this vulnerability being exploited in the field, we recognize that some of our partners may have installed Hikvision equipment that is affected by this vulnerability and we strongly encourage them to work with their customers to install the patch and ensure proper cyber hygiene.
With this vulnerability, we want to provide you the details and timeline to reassure you of Hikvision’s strong commitment to cybersecurity and following the standard Coordinated Disclosure Process. In January 2023, Souvik Kandar and Arko Dhar of the Redinent Innovations team in India reported a potential vulnerability in Hikvision products to the Hikvision Security Response Center (HSRC). Once the HSRC confirmed existence of the vulnerability, it worked with the researchers and the National Computer Emergency Response Team of India (CERT-In) to develop the patches and verify the successful mitigation of the reported.
Hikvision is a CVE Partner and is committed to continuing to work with third-party security researchers to find, patch, disclose and release updates to products in a timely manner that best protects the users of Hikvision products. To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at [email protected].
Hikvision strictly complies with the laws and regulations in all countries and regions where we operate, and we apply the highest standards of cybersecurity practices in an effort to best protect the users of Hikvision products around the world.
Please do not hesitate to contact our team with any questions or concerns.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.
