CVE-2023-28809

Name of the Vulnerable Software and Affected Versions Hikvision Access Control (affected versions not specified)

Description The issue allows attackers to perform a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit this, attackers must request the session ID at the same time as a valid user logs in, and then gain device operation permissions by forging the IP and session ID of an authenticated user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.