Hikvision patches a critical vulnerability in its security management system


Hikvision, a Chinese video surveillance equipment manufacturer, has announced patches for two vulnerabilities in its security management system, HikCentral Professional.

The most significant of these flaws is CVE-2024-25063, a high-severity bug that could allow unauthorized access to specific URLs. The bug affects HikCentral Professional versions 2.5.1 and earlier. “Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to,” the advisory states.

The second vulnerability, CVE-2024-25064, has a ‘medium’ severity rating because it requires authentication to exploit. All HikCentral Professional versions from 2.0.0 to 2.5.1 are affected.
