Hikvision Product Security Update Advisory (CVE-2024-25063, CVE-2024-25064)

Overview

 

An update has been made available to address vulnerabilities in Hikvision products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-25063

  • HikCentral Professional V2.5.1 or below

 

CVE-2024-25064

  • HikCentral Professional V2.0.0 or later and prior to V2.5.1

 

Resolved Vulnerabilities

 

  • Certain URLs are accessible due to insufficient server-side validation (CVE-2024-25063)
  • Insufficient server-side validation, which could allow an attacker with login privileges to gain access to certain resources by changing parameter values (CVE-2024-25064)

 

Vulnerability Patches

 

Vulnerability patches were made available in the March 1, 2024 update. Please follow the Referenced Sites to update to the latest patched version.

CVE-2024-25063

  • HikCentral Professional V2.5.1 and above

 

CVE-2024-25064

  • HikCentral Professional prior to V2.0.0, and V2.5.1 or later

 

Referenced Sites

 

[1] CVE-2024-25063 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-25063
[2] CVE-2024-25064 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-25064
[3] Security Vulnerabilities in HikCentral Professional
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-professional/