Security Advisory – Some Dahua software products are affected by Apache ActiveMQ (CVE-2023-46604) vulnerability
Advisory ID:DHCC-SA-202311-001
First Published:2023-11-04
Summary
1. CVE-2023-46604
A critical vulnerability exists in Apache ActiveMQ, which can be exploited remotely by an attacker to execute arbitrary code.
Vulnerability Score
The vulnerability classification has been performed by using the CVSSv3.1 scoring system (http://www.first.org/cvss/speciallyation-document).
CVE-2023-46604
Base Score: 10.0(AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H)
Affected Products & Fix Software
The following product series and models are currently known to be affected.
|
Affected Model |
Affected Version |
Fix Software |
|
DSS-Professional |
V7.X |
|
|
V8.0.2-8.3.0 |
||
|
DSS-Express |
V1.X |
|
|
V8.0.2-8.3.0 |
||
|
DHI-DSS7016-S2 |
V1.X |
|
|
V8.0.2-8.3.0 |
||
|
DHI-DSS4004-S2 |
V1.X |
|
|
V8.0.2-8.3.0 |
Note:
1.To view the version, please log in to the Web and view it on the “About”
page.
2.The early IPVM patch package has been released. If the IPVM patch has not
been installed, it is recommended to install the IPVM patch first and then
install the patch. You can also skip the IPVM patch and only repair the
vulnerability; Installing this patch before installing IPVM patch is not
supported.
Fix Software Download
Please download the corresponding fix software or its newer version as listed in the above table from Dahua website, or contact Dahua local technical support to upgrade.
l Dahua Official website: https://software.dahuasecurity.com/en/download
l Contact Dahua local technical support or software_support@dahuatech.com for help.
Support Resources
For any questions or concerns related to our products and solutions, please contact Dahua PSIRT at psirt@dahuatech.com..
Revision History
|
Version |
Description |
Date |
|
V1.0 |
Initial public release |
2023-11-04 |
