---
title: "CISA Warns of Actively Exploited Digiever Vulnerability—Patch Now"
short_title: "CISA adds exploited Digiever vulnerability to KEV catalog"
description: "CISA has added CVE-2023-52163, a missing authorization flaw in Digiever DS-2105 Pro, to its KEV catalog. Learn why this matters and how to protect your systems."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2023-52163, vulnerability-management, threat-intelligence, cybersecurity]
score: 0.85
cve_ids: [CVE-2023-52163]
---
TL;DR
CISA has added CVE-2023-52163, a missing authorization vulnerability in Digiever DS-2105 Pro, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal agencies must patch immediately, but all organizations are urged to prioritize remediation to reduce cyberattack risks.
---
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to an actively exploited vulnerability in Digiever DS-2105 Pro, adding CVE-2023-52163 to its [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog). This move underscores the urgency of addressing flaws that malicious actors are actively targeting, particularly those posing significant risks to federal and enterprise networks.
Key Points
- CVE-2023-52163 is a missing authorization vulnerability in Digiever DS-2105 Pro, allowing unauthorized access to sensitive functions or data.
- The flaw is being actively exploited, making it a critical priority for remediation.
- Binding Operational Directive (BOD) 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies patch the vulnerability by the specified due date.
- While BOD 22-01 applies only to federal agencies, CISA strongly recommends all organizations prioritize patching KEV-listed vulnerabilities to mitigate cyberattack risks.
Technical Details
CVE-2023-52163 is classified as a missing authorization vulnerability, a common attack vector for cybercriminals. Such flaws occur when a system fails to enforce proper access controls, allowing unauthorized users to execute actions or access data they shouldn’t. In this case, the vulnerability affects Digiever DS-2105 Pro, a network video recorder (NVR) used in surveillance and security systems.
Exploitation of this vulnerability could enable attackers to:
- Gain unauthorized access to sensitive footage or system configurations.
- Disrupt surveillance operations or manipulate recorded data.
- Use the compromised device as a foothold for lateral movement within a network.
Impact Assessment
The inclusion of CVE-2023-52163 in CISA’s KEV Catalog highlights its high-risk potential. Federal agencies are required to remediate the flaw promptly to comply with BOD 22-01, but the implications extend far beyond government networks. Organizations in sectors like critical infrastructure, healthcare, and finance are particularly vulnerable, as surveillance systems are often integrated into broader security and operational frameworks.
Failure to patch this vulnerability could result in:
- Data breaches involving sensitive or proprietary information.
- Operational disruptions, particularly in environments reliant on surveillance systems.
- Increased attack surfaces for ransomware, espionage, or other malicious activities.
Mitigation Steps
To protect against CVE-2023-52163, organizations should take the following actions:
1. Apply Patches Immediately: Check for and deploy the latest firmware or security updates provided by Digiever for the DS-2105 Pro.
2. Review Access Controls: Ensure that only authorized personnel can access surveillance systems and related networks.
3. Monitor for Suspicious Activity: Implement network monitoring to detect unusual access patterns or unauthorized attempts to exploit the vulnerability.
4. Segment Networks: Isolate surveillance systems from critical business networks to limit the impact of a potential breach.
5. Follow CISA Guidelines: Refer to CISA’s [KEV Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) and [BOD 22-01 Fact Sheet](https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf) for additional best practices.
---
Conclusion
The addition of CVE-2023-52163 to CISA’s KEV Catalog serves as a critical reminder of the importance of proactive vulnerability management. While federal agencies face mandatory patching deadlines, all organizations must treat KEV-listed vulnerabilities as top priorities to defend against evolving cyber threats. By acting swiftly and following CISA’s recommendations, businesses can reduce their exposure to attacks and safeguard their digital assets.
For more details, visit CISA’s [official alert](https://www.cisa.gov/news-events/alerts/2025/12/22/cisa-adds-one-known-exploited-vulnerability-catalog).
---
References
[^1]: CISA. "[CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/news-events/alerts/2025/12/22/cisa-adds-one-known-exploited-vulnerability-catalog)". Retrieved 2025-01-24.
[^2]: CVE. "[CVE-2023-52163 Detail](https://www.cve.org/CVERecord?id=CVE-2023-52163)". Retrieved 2025-01-24.
[^3]: CISA. "[Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)". Retrieved 2025-01-24.