4.10.23 – Security Sales & Integration – City of Industry, Calif.
The company has made patches available on its website to address the vulnerability.
Hikvision has issued a notice to its technology partners about a vulnerability in some Hikvision Hybrid SAN\cluster storage products. The company made patches available on its website to address the vulnerability.
Below is the Hikvision letter, which the company sent out to its partners:
April 10, 2023
Dear Valued Partner:
Today, Hikvision has issued the patches (Hybrid SAN, Cluster Storage) available on our website that fix a vulnerability (CVE-2023-28808) in some Hikvision Hybrid SAN\cluster storage products.
Hikvision has rated this vulnerability as 9.1 (critical) using the CVSS v3.1 calculator. The list of products affected by the vulnerability can be accessed on our website. While Hikvision is not aware of this vulnerability being exploited in the field, we recognize that some of our partners may have installed Hikvision equipment that is affected by this vulnerability and we strongly encourage them to work with their customers to install the patch and ensure proper cyber hygiene.
With this vulnerability, we want to provide you the details and timeline to reassure you of Hikvision’s strong commitment to cybersecurity and following the standard Coordinated Disclosure Process. In January 2023, Souvik Kandar and Arko Dhar of the Redinent Innovations team in India reported a potential vulnerability in Hikvision products to the Hikvision Security Response Center (HSRC). Once the HSRC confirmed existence of the vulnerability, it worked with the researchers and the National Computer Emergency Response Team of India (CERT-In) to develop the patches and verify the successful mitigation of the reported.
Hikvision is a CVE Partner and is committed to continuing to work with third-party security researchers to find, patch, disclose and release updates to products in a timely manner that best protects the users of Hikvision products. To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.
Hikvision strictly complies with the laws and regulations in all countries and regions where we operate, and we apply the highest standards of cybersecurity practices in an effort to best protect the users of Hikvision products around the world.
Please do not hesitate to contact our team with any questions or concerns.