GV-ASM-2025-02-03 GV-ASManager Web Vulnerabilities
Release Date: 2025/02/03
Advisory ID: ASM-2025-02-03
CVE ID: CVE-2024-56898, CVE-2024-56901, CVE-2024-56902, CVE-2024-56903
Affected Product: GV-ASManager V6.1.1.0 or earlier
Security Issue
The following security vulnerabilities have been verified in the reported software:
CVE-2024-56898
Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or earlier allows unauthorized
attackers with low-level privileges to manage and create new user accounts by supplying a
crafted HTTP request.
CVE-2024-56901
A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision
GV-ASWeb version 6.1.1.0 or earlier allows attackers to arbitrarily create Admin accounts via a
crafted GET request.
CVE-2024-56902
An issue in Geovision GV-ASWeb version 6.1.0.0 or earlier allows unauthorized attackers
with low-level privileges to request information about other accounts via a crafted
HTTP request.
CVE-2024-56903
A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb version 6.1.1.0 or earlier
allows attackers to execute arbitrary operations by supplying a crafted HTTP request.
Resolution
The reported vulnerabilities have been resolved in software update GV-ASManager V6.1.2, which is
available at GeoVision’s official download page: https://www.geovision.com.tw/download/p ... 20Control)
If you have any questions or concerns regarding this cybersecurity issue, please contact our
cybersecurity team: security@geovision.com.tw.