PT-2025-3343 · Geovision · Geovision Gv-Asweb

Giorgi Dograshvili · Published 2025-02-02 · Updated 2025-03-04 · CVE-2024-56901

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Geovision GV-ASWeb versions 6.1.1.0 and earlier

Description

A Cross-Site Request Forgery (CSRF) issue in the Account Management component allows attackers to arbitrarily create Admin accounts using a manipulated GET request.

Recommendations

For Geovision GV-ASWeb versions 6.1.1.0 and earlier, consider disabling the Account Management component until a patch is available to prevent exploitation. Restrict access to the affected component to minimize the risk of arbitrary admin account creation. Avoid using the affected GET request method in the Account Management component until the issue is resolved.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-56901

Affected Products

Geovision Gv-Asweb