CVE-2024-56898

HIGH

Geovision GV-ASWeb <6.1.0.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-56898. PoCs published by Giorgi Dograshvili, DRAGOWN.

AI-analyzed exploit summary: The exploit demonstrates a broken access control vulnerability in GeoVision GV-ASManager, allowing low-privilege users to escalate privileges by creating or modifying accounts via a crafted POST request to the ASWebCommon.srf endpoint.

Description

Broken access control vulnerability in Geovision GV-ASWeb version v6.1.0.0 or less. This vulnerability allows low-privilege users to perform actions that they aren't authorized to perform, which can be leveraged to escalate privileges and to create, modify or delete accounts.

Exploits (2)

exploitdb WORKING POC
by Giorgi Dograshvili · text · webapps · multiple
https://www.exploit-db.com/exploits/52189

The exploit demonstrates a broken access control vulnerability in GeoVision GV-ASManager, allowing low-privilege users to escalate privileges by creating or modifying accounts via a crafted POST request to the ASWebCommon.srf endpoint.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: GeoVision GV-ASManager v6.1.0.0 or less
Auth required
Prerequisites: Network access to GV-ASManager web application · Guest account or low-privilege credentials
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP 2 stars
by DRAGOWN · poc
https://github.com/DRAGOWN/CVE-2024-56898

This repository documents CVE-2024-56898, a broken access control vulnerability in Geovision GV-ASManager v6.1.0.0 or lower, allowing low-privilege users (e.g., Guest) to escalate privileges, create/modify accounts, and perform unauthorized actions. The writeup includes detailed steps and screenshots demonstrating the exploit.

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Geovision GV-ASManager v6.1.0.0 or lower
Auth required
Prerequisites: Network access to GV-ASManager web application · Access to a Guest account (default: Username: Guest; Password: <blank>) or any low-privilege account
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0716
EPSS Percentile 91.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Published Feb 03, 2025
Tracked Since Feb 18, 2026