GV-ASM-2024-12-13 GV-ASManager Web Vulnerabilities

Security Advisory Notices
Post Reply
support
Posts: 647
Joined: December 27th, 2014, 8:37 am

GV-ASM-2024-12-13 GV-ASManager Web Vulnerabilities

Unread post by support »


Release Date: Dec 13, 2024


Advisory ID
GV-ASM-2024-12-13


CVE ID
CVE-2024-12553

Affected Product
GV-ASManager V6.1.0

Security Issue
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This
vulnerability allows remote attackers to disclose sensitive information on affected installations
of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability,
default guest credentials may be used. The specific flaw exists within the GV-ASWeb service.

The issue results from the lack of authorization prior to allowing access to functionality. An
attacker can leverage this vulnerability to disclose stored credentials, leading to further
compromise.


Resolution
The affected software vulnerability has been fixed with the release of GV-ASManager V6.1.1.
It is recommended that users should perform the update to the specified version to avoid
potential vulnerabilities.

If you have any questions or concerns regarding the reported vulnerability, please contact our
cybersecurity team at: security@geovision.com.tw.
Top
Post Reply

Return to “Security Advisory”