CISA Flags Active Exploitation of Digiever Authorization Vulnerability (CVE-2023-52163)
Executive Summary
In December 2023, CISA added CVE-2023-52163 to its Known Exploited Vulnerabilities Catalog after identifying active exploitation of a missing authorization vulnerability in Digiever DS-2105 Pro network video recorders. Malicious actors leveraged this flaw to gain unauthorized access to sensitive functions and video data, bypassing authentication controls. The exploitation exposed affected organizations to privacy breaches, potential lateral movement within networks, and possible compromise of video surveillance infrastructure. The vulnerability is particularly concerning for agencies required to comply with Binding Operational Directive 22-01, raising enterprise risks related to data integrity, operational continuity, and regulatory responsibility.
This incident underscores a broader trend of attackers exploiting well-known yet unpatched vulnerabilities in internet-connected devices. Recent months have seen an increase in targeting of IoT and NVR platforms, highlighting the urgency for prioritized vulnerability management as threat actors continue to shift focus towards overlooked or legacy systems.
Why This Matters Now
This alert demonstrates that attackers are actively exploiting missing authorization flaws in widely deployed network devices, impacting not only federal networks but also private enterprises. Prompt remediation is critical, as such vulnerabilities present a low-barrier entry for threat actors and can facilitate data theft or broader systemic compromise if left unaddressed.
Attack Path Analysis
The attacker exploited a missing authorization vulnerability (CVE-2023-52163) in a Digiever DS-2105 Pro device to gain initial access to the environment. With unauthorized access, they attempted to escalate privileges for broader control. The adversary then moved laterally, targeting east-west traffic paths to identify additional assets. Next, the attacker established outbound communication for command and control, likely leveraging unmonitored egress channels. They proceeded to exfiltrate data using covert or unauthorized outbound methods. Finally, the attacker aimed to disrupt operations, manipulate data, or further entrench themselves within the compromised environment.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited the missing authorization flaw in the internet-facing Digiever DS-2105 Pro device to access the system without valid credentials.
Related CVEs
CVE-2023-52163
CVSS 9.8A command injection vulnerability in Digiever DS-2105 Pro 3.1.0.71-11 allows remote attackers to execute arbitrary commands via the time_tzsetup.cgi endpoint.
Affected Products:
Digiever DS-2105 Pro – 3.1.0.71-11
Exploit Status:
exploited in the wildCVE-2023-52164
CVSS 7.5An arbitrary file read vulnerability in Digiever DS-2105 Pro 3.1.0.71-11 allows remote attackers to read sensitive files via the access_device.cgi endpoint.
Affected Products:
Digiever DS-2105 Pro – 3.1.0.71-11
Exploit Status:
proof of concept
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
External Remote Services
Valid Accounts
Modify Authentication Process
Network Sniffing
Account Discovery
Phishing
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Strong Authentication for User Access
Control ID: 8.2.1
NYDFS 23 NYCRR 500 – Access Privileges
Control ID: 500.07
DORA – ICT Security Policies and Procedures
Control ID: Article 9(2)
CISA Zero Trust Maturity Model (ZTMM) 2.0 – Consistent, Strong Authentication
Control ID: Identity Pillar: Authentication
NIS2 Directive – Access Control Policies and Procedures
Control ID: Article 21(2)(d)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Government Administration
Federal agencies face critical risks from CVE-2023-52163 Digiever surveillance system vulnerabilities, requiring immediate KEV Catalog compliance remediation per BOD 22-01.
Law Enforcement
Missing authorization vulnerabilities in Digiever DS-2105 Pro systems compromise surveillance infrastructure, threatening operational security and evidence integrity capabilities.
Public Safety
Video surveillance system authorization bypasses expose critical infrastructure monitoring capabilities, requiring zero trust segmentation and threat detection implementations.
Security/Investigations
Exploited surveillance equipment creates unauthorized access vectors affecting investigation integrity, demanding enhanced multicloud visibility and egress security controls.
Sources
- CISA Adds One Known Exploited Vulnerability to Cataloghttps://www.cisa.gov/news-events/alerts/2025/12/22/cisa-adds-one-known-exploited-vulnerability-catalogVerified
- NVD - CVE-2023-52163https://nvd.nist.gov/vuln/detail/CVE-2023-52163Verified
- NVD - CVE-2023-52164https://nvd.nist.gov/vuln/detail/CVE-2023-52164Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Applying Zero Trust Segmentation, east-west traffic controls, anomaly detection, and strict egress enforcement would have significantly constrained the attacker's ability to gain unauthorized access, move laterally, exfiltrate data, or cause operational impact.
Control: Zero Trust Segmentation
Mitigation: Unauthorized connections to vulnerable devices or workloads are blocked.
Control: Kubernetes Security (AKF)
Mitigation: Privilege abuse within containerized or cloud-native environments is restricted.
Control: East-West Traffic Security
Mitigation: Lateral movement is detected and blocked across internal network segments.
Control: Threat Detection & Anomaly Response
Mitigation: Outbound C2 traffic is detected and flagged for incident response.
Control: Egress Security & Policy Enforcement
Mitigation: Unauthorized data exfiltration is blocked or alerted.
Advanced inline controls limit blast radius and enable expedited detection and recovery.
Impact at a Glance
Affected Business Functions
- Surveillance Operations
- Security Monitoring
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of sensitive surveillance footage and system configurations.
Recommended Actions
Key Takeaways & Next Steps
- • Segment and restrict access to all internet-facing devices and workloads using identity-based Zero Trust Segmentation.
- • Deploy east-west traffic security measures to monitor and restrict lateral movement across your environment.
- • Enforce robust egress filtering and real-time policy controls to block unauthorized outbound data flows and C2 communications.
- • Continuously monitor for anomalies and threats using integrated detection and response capabilities.
- • Prioritize patching and remediation of known exploited vulnerabilities, and regularly validate security frameworks against evolving attack techniques.
