What is this vulnerability and why does it matter?
CVE-2024-58274 describes a command execution vulnerability in Hikvision's CSMP (Comprehensive Security Management Platform) iSecure Center. Specifically, the software allows the execution of arbitrary commands due to improper input sanitization within the JSON data processed by the /center/api/installation/detection endpoint. This vulnerability matters because it allows attackers to potentially gain control of the affected system, leading to data breaches, system compromise, and further malicious activities. The vulnerability has been exploited in the wild.
What are the CVSS score, severity level, and disclosure details?
The CVSS score for CVE-2024-58274 is 8.3, indicating a high severity. The vulnerability was published on 2025-10-22 and last modified on 2025-10-22 13:55:16. The vulnerability was reportedly exploited in the wild in 2024 and 2025.
Which products, vendors, systems, and versions are affected?
The affected product is Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center, with versions up to 2024-08-01 being vulnerable. The vendor is Hikvision.
What is the technical root cause and attack vector?
The technical root cause is improper input sanitization. Specifically, the iSecure Center software fails to properly validate or sanitize JSON data submitted to the /center/api/installation/detection endpoint. This allows an attacker to inject shell commands within $( ) sequences in the JSON data. The attack vector is network-based, where a remote attacker sends a crafted HTTP request to the vulnerable endpoint. The CWE associated with this vulnerability is CWE-78, which refers to improper neutralization of special elements used in an OS command ('OS Command Injection').
How can this vulnerability be exploited?
This vulnerability can be exploited by sending a malicious HTTP request to the /center/api/installation/detection endpoint of the Hikvision iSecure Center. The attacker crafts the JSON data within the request to include shell commands enclosed in $( ) sequences. When the iSecure Center processes this data without proper sanitization, the injected commands are executed by the underlying operating system with the privileges of the iSecure Center application. This can allow the attacker to execute arbitrary code, potentially leading to complete system compromise.
What mitigation steps and patches are available?
Unfortunately, specific mitigation steps and patches are not available in the provided data. It is recommended to check the Hikvision website for any security advisories and updates related to iSecure Center. Possible mitigations include restricting network access to the iSecure Center management interface, implementing strict input validation on the /center/api/installation/detection endpoint to prevent command injection, and monitoring system logs for suspicious activity.
How can vulnerable systems be detected?
Vulnerable systems can be detected by checking the version of Hikvision iSecure Center. Versions up to 2024-08-01 are likely affected. Network-based vulnerability scanners can be used to send specially crafted requests to the /center/api/installation/detection endpoint and check for command execution. Manual testing can also be performed by sending similar requests and observing the system's behavior.
What are the indicators of compromise (IOCs)?
Without further data, specific IOCs are difficult to define. However, some general IOCs to look for include:
- Unexpected processes running on the iSecure Center server.
- Unusual network connections originating from the iSecure Center server.
- Modifications to system files or configurations.
- Suspicious entries in the iSecure Center logs or system logs related to the /center/api/installation/detection endpoint.
- Web requests to /center/api/installation/detection containing shell commands within $( ) sequences.
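The last indicator above can be checked mechanically. The following is an added example, not code from the CVE record or from Hikvision: it decodes each logged request body as JSON before matching, so a `$(` written as a JSON unicode escape is still caught. The log schema (`path`, `body`), the field name `example_field` and every sample record are constructed assumptions.

```python
import json
import re
from urllib.parse import unquote, urlsplit

ENDPOINT = "/center/api/installation/detection"
CMD_SUBST = re.compile(r"\$\(")  # opening of a $( ) command substitution


def iter_strings(node):
    """Yield every string (keys and values) found in a decoded JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from iter_strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_strings(item)


def is_suspicious(record):
    """record: dict with 'path' and 'body' keys (hypothetical log schema)."""
    # Normalise the path: drop the query string, percent-decode, ignore a trailing slash.
    path = unquote(urlsplit(record.get("path") or "").path).rstrip("/")
    if path != ENDPOINT:
        return False
    body = record.get("body") or ""
    try:
        # Parsing first resolves JSON escapes such as \u0024 before matching.
        strings = list(iter_strings(json.loads(body)))
    except ValueError:
        strings = [unquote(body)]  # unparsable body: fall back to the raw text
    return any(CMD_SUBST.search(s) for s in strings)


def scan(records):
    """Return the indexes of records that match the indicator."""
    return [i for i, rec in enumerate(records) if is_suspicious(rec)]


# Constructed sample records, not taken from real traffic.
SAMPLE = [
    {"path": ENDPOINT, "body": '{"example_field": "ok"}'},
    {"path": ENDPOINT, "body": '{"example_field": "a$(example)"}'},
    {"path": ENDPOINT + "/?x=1", "body": r'{"example_field": "\u0024(example)"}'},
    {"path": "/center/api/other", "body": '{"example_field": "$(example)"}'},
    {"path": ENDPOINT, "body": "not json %24(example)"},
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A match is a lead for triage rather than proof of compromise; correlate it with the process and network indicators listed above.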
Which threat actors are known to exploit this vulnerability?
The provided data indicates that this vulnerability has been exploited in the wild in 2024 and 2025. However, it does not specify which particular threat actors are exploiting it.
What public intelligence references and advisories exist?
The primary public intelligence reference is the CVE record itself: CVE-2024-58274. It is recommended to monitor security websites, vulnerability databases, and threat intelligence feeds for further advisories and reports related to this vulnerability. Also monitor Hikvision's official communication channels for any security alerts.
What is the risk assessment and urgency level?
The risk assessment for CVE-2024-58274 is high due to the high CVSS score (8.3), the ease of exploitation (OS Command Injection), and the fact that it has been actively exploited in the wild. The urgency level is critical. Affected organizations should immediately investigate their systems for vulnerable versions of Hikvision iSecure Center and apply any available patches or mitigations. Continuous monitoring for indicators of compromise is also essential.