CISA has added CVE-2017-7921, which affects multiple Hikvision products, to its Known Exploited Vulnerabilities (KEV) catalogue. The vulnerability is titled "Hikvision Multiple Products Improper Authentication Vulnerability" and could allow a malicious user to escalate privileges on the system and access sensitive information. The entry was added on 2026-03-05.
Technical detail: This is an improper authentication vulnerability with privilege escalation potential across multiple Hikvision products. The CVSS score is 9.8 (CRITICAL), underscoring the high impact of successful exploitation. A patch is available from Hikvision, and mitigations are documented in the vendor advisories and the associated NVD page (CVE-2017-7921). Patch status: available.
Exploitation and risk: Active exploitation has been confirmed, which is the basis for inclusion in the KEV catalogue. Whether this CVE has been used in ransomware campaigns is unknown. The remediation deadline is 2026-03-26, by which date CISA expects organisations to have mitigated or remediated exposed systems.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Directly affected: FCEB agencies. All organisations should review their exposure and apply the approved mitigations where applicable.
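To support the exposure review, the following added example (not CISA or Hikvision code) matches a KEV-feed-shaped record against an asset inventory and ranks unpatched hosts by days remaining to the due date. The inventory, host names and the `triage` helper are hypothetical; the KEV values are those given in the text above. Because the KEV product field is "Multiple Products", the match is by vendor only and each hit still needs checking against the vendor advisory.

```python
import json
from datetime import date

# Constructed sample in the shape of the CISA KEV JSON feed; values for this
# entry are taken from the text above, the rest of the feed is omitted.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [{
  "cveID": "CVE-2017-7921",
  "vendorProject": "Hikvision",
  "product": "Multiple Products",
  "vulnerabilityName": "Hikvision Multiple Products Improper Authentication Vulnerability",
  "dateAdded": "2026-03-05",
  "dueDate": "2026-03-26",
  "knownRansomwareCampaignUse": "Unknown"
}]}
""")

# Hypothetical asset inventory (constructed): host, vendor, patch state.
INVENTORY = [
    {"host": "cam-lobby-01", "vendor": "Hikvision", "patched": False},
    {"host": "cam-dock-02", "vendor": "HIKVISION ", "patched": True},
    {"host": "nvr-core-01", "vendor": "ExampleVendor", "patched": False},
]

def norm(s):
    """Normalise vendor strings so case and stray whitespace do not hide a match."""
    return s.strip().casefold()

def triage(kev, inventory, today):
    """Return unpatched assets whose vendor matches a KEV entry, most urgent first."""
    by_vendor = {}
    for v in kev["vulnerabilities"]:
        by_vendor.setdefault(norm(v["vendorProject"]), []).append(v)
    findings = []
    for asset in inventory:
        if asset["patched"]:
            continue
        for v in by_vendor.get(norm(asset["vendor"]), []):
            days_left = (date.fromisoformat(v["dueDate"]) - today).days
            findings.append({
                "host": asset["host"], "cve": v["cveID"], "due": v["dueDate"],
                "days_left": days_left, "overdue": days_left < 0,
            })
    return sorted(findings, key=lambda f: f["days_left"])

if __name__ == "__main__":
    for finding in triage(KEV_SAMPLE, INVENTORY, date.today()):
        print(finding)
```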
For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2017-7921 and the CISA KEV catalogue at https://www.cisa.gov/known-exploited-vulnerabilities-catalog.