CVE-2024-58274
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hikvision | hik-icd-external-tool | * |
| hikvision | secure_management_platform | * |
| hikvision | hik-icd-installmanager | 1.3.0-snapshot |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-58274 is a remote command execution (RCE) vulnerability in Hikvision's Comprehensive Security Management Platform (CSMP) iSecure Center. It occurs due to improper handling and sanitization of user input in the installation component, specifically in the 'agentNo' parameter and related classes. This allows an attacker to inject shell commands within JSON data sent to the /center/api/installation/detection endpoint, enabling execution of arbitrary commands on the server. An example exploit involves injecting a command to write a JSP web shell to the server, which can then be accessed remotely to execute further commands. [3]
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary commands on the affected Hikvision CSMP server without authentication. This can lead to unauthorized control over the system, including deploying web shells for persistent access, data theft, system compromise, and disruption of services. The impact includes loss of confidentiality, integrity, and availability of the system and its data. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted POST request to the /center/api/installation/detection endpoint with JSON data that includes shell command injection in the machines.id field. For example, testing for command injection by injecting a payload that attempts to write a JSP web shell file (e.g., 123.jsp) to the server's web directory can confirm the vulnerability. Using tools like nuclei with the provided YAML template for Hikvision CSMP installation RCE detection can automate this process. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the official patch released by Hikvision that replaces the vulnerable command execution function with a safer implementation (executeCommandReceiveResultWithFileNoShell), which prevents shell command injection. Until the patch is applied, restrict access to the /center/api/installation/detection endpoint, monitor for suspicious POST requests attempting command injection, and consider network-level controls to limit exposure. [3]
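The detection and monitoring advice above can be turned into a log check: flag POST requests to the /center/api/installation/detection endpoint whose machines[].id or agentNo values contain shell metacharacters or otherwise do not look like plain identifiers. The script below is an added example, not BaseFortify's or Hikvision's code; it assumes a tab-separated (method, path, body) log format and an identifier allow-list of its own, since the page does not define the field's format.

```python
import json
import re

# Endpoint and JSON field names come from the write-up above; the identifier format is an assumption.
TARGET_PATH = "/center/api/installation/detection"
SUSPECT_FIELDS = {"id", "agentNo"}
SHELL_META = re.compile(r"[;&|`$<>\n]")            # characters a shell would interpret
IDENT_OK = re.compile(r"^[A-Za-z0-9._-]{1,64}$")   # assumed shape of a legitimate identifier

def walk(node, path=""):
    # Yield (json_path, scalar) for every leaf in a nested JSON document.
    if isinstance(node, dict):
        for key, val in node.items():
            yield from walk(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from walk(val, f"{path}[{i}]")
    else:
        yield path, node

def analyze_request(method, path, body):
    """Return one finding per suspect field whose value is not a plain identifier."""
    if method != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return []
    try:
        doc = json.loads(body)
    except ValueError:
        return [{"field": "<body>", "value": body[:80], "reason": "non-JSON body"}]
    findings = []
    for jpath, value in walk(doc):
        if jpath.rsplit(".", 1)[-1] not in SUSPECT_FIELDS:
            continue
        if isinstance(value, str) and IDENT_OK.match(value):
            continue                                 # looks like a normal identifier
        shell = isinstance(value, str) and SHELL_META.search(value)
        reason = "shell metacharacters" if shell else "unexpected identifier format"
        findings.append({"field": jpath, "value": str(value)[:80], "reason": reason})
    return findings

# Constructed sample access-log lines (method, path, body; tab-separated), not real traffic.
SAMPLE_LOG = [
    'POST\t/center/api/installation/detection\t{"machines":[{"id":"AGENT-01"}]}',
    'POST\t/center/api/installation/detection\t{"machines":[{"id":"AGENT-01; id"}]}',
    'GET\t/center/api/installation/detection\t',
]

def scan_log(lines):
    """Return (path, json_field, reason) for every logged request that trips a check."""
    return [(path, f["field"], f["reason"])
            for method, path, body in (line.split("\t", 2) for line in lines)
            for f in analyze_request(method, path, body)]
```

Only the second sample line produces an alert; a benign identifier, a non-POST request and requests to other paths pass through untouched.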