CVE-2024-56898

Name of the Vulnerable Software and Affected Versions Geovision GV-ASWeb versions 6.1.0.0 and earlier

Description The issue is related to incorrect access control, allowing unauthorized attackers with low-level privileges to manage and create new user accounts by supplying a crafted HTTP request. This can lead to privilege escalation, enabling attackers to gain administrative access.

Recommendations For Geovision GV-ASWeb versions 6.1.0.0 and earlier, consider restricting access to the web application until a patch is available, and limit the creation of new user accounts to prevent potential exploitation. As a temporary workaround, restrict privileges for guest accounts to minimize the risk of escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.