CVE-2024-12553

MEDIUM

GeoVision GV-ASManager - Authenticated Information Disclosure via GV-ASWeb Service


Description

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.

References (1)

Core References
Third Party Advisory x_research-advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-1682/

Scores

CVSS v3: 6.5
EPSS: 0.0057
EPSS Percentile: 43.0%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-862
Status: published
Products (1): geovision/gv-asmanager 6.1.0
Published: Dec 13, 2024
Tracked Since: Feb 18, 2026