
    2 vulnerabilities found for HikCentral FocSign by Hikvision

    CVE-2025-39246 (GCVE-0-2025-39246)

    Vulnerability from nvd – Published: 2025-08-29 01:39 – Updated: 2025-08-29 13:32
    VLAI
    Summary
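    There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
    Note: the CVSS 3.1 vector the CNA supplied in the record below (AV:N/PR:N, integrity impact LOW, base score 5.3) appears inconsistent with this description, which requires an authenticated user with local access; for triage, treat the issue as a local privilege-escalation weakness (CWE-428) rather than a remotely reachable, unauthenticated one. On hosts running an affected version, the defensive check for this weakness class is that the service's executable path is quoted in its configuration and that non-administrative users cannot write to the directories along that path.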
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Vendor Product Version
    Hikvision HikCentral FocSign Affected: Versions between V1.4.0 and V2.2.0
    Credits
    Eduardo Bido

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-39246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-29T13:32:36.393721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-428",
                    "description": "CWE-428 Unquoted Search Path or Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-29T13:32:53.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HikCentral FocSign",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions between V1.4.0 and V2.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Eduardo Bido"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-29T01:39:53.653Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2025-39246",
        "datePublished": "2025-08-29T01:39:53.653Z",
        "dateReserved": "2025-04-16T05:37:51.248Z",
        "dateUpdated": "2025-08-29T13:32:53.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-39246 (GCVE-0-2025-39246)

    Vulnerability from cvelistv5 – Published: 2025-08-29 01:39 – Updated: 2025-08-29 13:32
    VLAI
    Summary
    There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Vendor Product Version
    Hikvision HikCentral FocSign Affected: Versions between V1.4.0 and V2.2.0
    Credits
    Eduardo Bido

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-39246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-29T13:32:36.393721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-428",
                    "description": "CWE-428 Unquoted Search Path or Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-29T13:32:53.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HikCentral FocSign",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions between V1.4.0 and V2.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Eduardo Bido"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-29T01:39:53.653Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2025-39246",
        "datePublished": "2025-08-29T01:39:53.653Z",
        "dateReserved": "2025-04-16T05:37:51.248Z",
        "dateUpdated": "2025-08-29T13:32:53.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }