Update on Privilege Escalating Vulnerability Notice-HQ

Update on Privilege Escalating Vulnerability Notice-HQ

Dear Valued Customers and Partners:

Hikvision is honored to work with the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center in our ongoing cybersecurity best practice efforts.

We’re pleased to announce that Hikvision’s successful progress on a privilege-escalating vulnerability has been acknowledged by ISC-CERT (Industrial Control Systems Cyber Emergency Response Team). Specifically, ISC-CERT has recognized that on March 13, 2017 Hikvision released the fixed firmware version 5.4.41/5.4.71 to address the user privilege-escalating vulnerability on those particular affected camera models.

What do customers need to know about the privilege-escalating vulnerability?  What steps should customers take to enhance the cybersecurity of Hikvision systems?

·Please review the March 13,2017 notice, which outlines potential cybersecurity concerns that could arise with specific cameras under certain, fairly uncommon circumstances.  To date, Hikvision is not aware of any reports of malicious activity associated with this vulnerability. ·Hikvision always recommends a systematic, multi-step approach to enhance cybersecurity protection. To assist customers and partners, Hikvision offers a number of industry-leading cybersecurity resources. Please visit the Hikvision Security Center for more information.

·The Hikvision Network Security Hardening Guide is a new resource for installers.

·Hikvision also encourages customers to utilize ICS-CERT resources, including ISC-CERT Recommended Practices and ISC-CERT Defense in Depth.

Did ISC-CERT recommend further enhancements in future firmware upgrades?

·ISC-CERT specifically identified the area of potential concern about the “configuration file”.

Under what circumstances is there a concern with the configuration file? How will Hikvision address this concern?

·The configuration file is encrypted and is therefore not readable, and protects users’ credentials. Also, the configuration file can only be exported by the admin account. Hikvision appreciates ICS-CERT’s comment, and will enhance the private key decryption storage method in the upcoming firmware release.

Hikvision is proud to be at the forefront of the move to improve cybersecurity best practices in our industry. Cybersecurity must be top-of-mind throughout the product lifecycle, from R&D and manufacturing to installation and maintenance. Hikvision’s in-house cybersecurity experts are dedicated to constantly assessing and improving our products and our processes, and the Hikvision team provides market-leading cybersecurity education and support to our valued customers. We’re also actively engaged with our competitors and partners on collaborative cybersecurity efforts that benefit our entire industry.

Interoperability is key to the success of IP video technology. While it’s exciting to watch the ecosystem of video surveillance devices multiply, this also increases our cybersecurity challenges. Establishing interoperability standards for video surveillance should be a top priority and one that everyone in the surveillance industry needs to share.

If you have any questions or concerns about Hikvision products, please contact Hikvision branch office, representatives or consult us at overseasbusiness@hikvision.com. For technical concerns, you may contact support@hikvision.com.

 

 

 

Diese Website verwendet essentielle Cookies und verwandte Technologien, um Ihre Cookie-Präferenzen zu speichern und Login-Funktionen zu gewährleisten. Mit Ihrem Einverständnis möchten Hikvision und zwei Partner auch optionale Cookies verwenden, um Informationen auf Ihrem Gerät zu speichern und darauf zuzugreifen, einschließlich persönlicher Informationen (z. B. IP-Adressen, Browserinformationen), um das Verkehrsaufkommen und andere Metriken zu beobachten und zu analysieren und um die Inhalte unserer Website anzupassen.

Sie können Ihre Einstellungen jederzeit ändern, indem Sie auf "Cookies verwalten" klicken. Weitere Informationen zu unseren Cookie-Praktiken finden Sie in unserer Cookie-Richtlinie und unserer Datenschutzrichtlinie.

Kontakt
Hik-Partner Pro close
Hik-Partner Pro
Security Business Assistant. At Your Fingertips. Learn more
Hik-Partner Pro
Scan and download the app
Hik-Partner Pro
Hik-Partner Pro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.