CVE-2024-56898

HIGH

Geovision GV-ASWeb <6.1.0.0 - Privilege Escalation

Title source: llm

Description

Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.

Exploits (2)

exploitdb WORKING POC

by Giorgi Dograshvili · textwebappsmultiple

https://www.exploit-db.com/exploits/52189

View Code ZIP pw:eip

nomisec WRITEUP 2 stars

by DRAGOWN · poc

https://github.com/DRAGOWN/CVE-2024-56898

View Code ZIP pw:eip

References (1)

[Various Sources] https://github.com/DRAGOWN/CVE-2024-56898

Scores

CVSS v3 8.8

EPSS 0.0691

EPSS Percentile 91.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Published Feb 03, 2025

Tracked Since Feb 18, 2026