CVE-2024-56898
published 2025-02-03


Priority: P2 (63)
Severity: high, CVSS 3.1 base score 8.8
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: flagged
EPSS: 2.37% (81.7th percentile)
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low-privilege users to perform actions that they aren't authorized to, which can be leveraged to escalate privileges and to create, modify or delete accounts.

Detection & IOCs (extracted from sources)

url: /ASWeb/bin/ASWebCommon.srf
path: /ASWeb/bin/ASWebCommon.srf
command: action=UA_SetCreateAccount&id=[SET-USERNAME]&password=[SET-PASSWORD]&email=[SET-MAIL]&level=[SET-PRIVILEGE 1-STANDARD USER/2-ADMINISTRATOR]
path: /ASWeb/Login
  • Monitor for unauthenticated or low-privilege POST requests to /ASWeb/bin/ASWebCommon.srf containing the parameter 'action=UA_SetCreateAccount', which indicates an attempt to exploit the broken access control vulnerability to create new accounts.
  • Alert on POST requests to /ASWeb/bin/ASWebCommon.srf with 'action=UA_Set*' parameters from sessions authenticated as Guest (default credentials: Username: Guest; Password: empty), as this is the default low-privilege account used in exploitation.
  • Detect privilege escalation attempts by monitoring for 'level=2' in POST body to /ASWeb/bin/ASWebCommon.srf, indicating an attacker attempting to create or promote an administrator account.
  • Hunt for internet-exposed GeoVision GV-ASManager instances using the Google dork inurl:"ASWeb/Login", which may indicate publicly accessible targets.
  • The Guest account is enabled by default with an empty password, providing the minimum access required to exploit this vulnerability. Disabling or securing this account is a critical hardening step.
  • The vulnerability affects GeoVision GV-ASWeb/GV-ASManager version 6.1.0.0 and all earlier versions. Detection rules should target this version range.
  • Successful exploitation can be chained with CVE-2024-56902 to retrieve cleartext passwords, enabling credential reuse attacks against other organizational assets.
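The first three detection bullets above, turned into request-level logic and run over constructed sample traffic. This is an added example, not part of the cbcvebase record or any GeoVision tooling; it assumes a proxy or WAF log that records POST bodies, rendered here as dicts with the assumed field names "user", "method", "path" and "body", and an assumed allowlist of known administrator sessions.

```python
# Added example: detection logic for the CVE-2024-56898 request indicators.
# Assumes a proxy/WAF log that keeps POST bodies (field names are assumed).
from urllib.parse import parse_qs

TARGET_PATH = "/ASWeb/bin/ASWebCommon.srf"
ADMIN_LEVEL = "2"                # level=2 requests an administrator account
PRIVILEGED_USERS = {"admin"}     # assumed allowlist of legitimate admin sessions


def classify_request(req: dict) -> list[str]:
    """Return the detection tags fired by one request (empty list if none)."""
    if req.get("method") != "POST" or req.get("path") != TARGET_PATH:
        return []
    params = parse_qs(req.get("body", ""), keep_blank_values=True)
    action = params.get("action", [""])[0]
    user = req.get("user", "")
    tags = []
    # Bullet 1: account creation from an unauthenticated or low-privilege session.
    if action == "UA_SetCreateAccount" and user not in PRIVILEGED_USERS:
        tags.append("account-creation")
    # Bullet 2: any UA_Set* action issued by the default Guest account.
    if action.startswith("UA_Set") and user.lower() == "guest":
        tags.append("guest-session-uaset")
    # Bullet 3: level=2 in the body, i.e. an administrator account being set.
    if params.get("level", [""])[0] == ADMIN_LEVEL:
        tags.append("admin-level-set")
    return tags


def scan(requests: list[dict]) -> list[tuple[int, list[str]]]:
    """Scan a batch and return (index, tags) for every request that fired."""
    return [(i, classify_request(r)) for i, r in enumerate(requests)
            if classify_request(r)]


# Constructed sample traffic, not real captures. "UA_SetOther" is a
# placeholder standing in for any other UA_Set* action.
SAMPLE_REQUESTS = [
    {"user": "Guest", "method": "POST", "path": TARGET_PATH,
     "body": "action=UA_SetCreateAccount&id=newuser&password=x&email=a@b&level=2"},
    {"user": "Guest", "method": "POST", "path": TARGET_PATH,
     "body": "action=UA_SetOther&id=guest"},
    {"user": "admin", "method": "POST", "path": TARGET_PATH,
     "body": "action=UA_SetCreateAccount&id=newop&password=x&email=a@b&level=1"},
    {"user": "", "method": "GET", "path": "/ASWeb/Login", "body": ""},
]

if __name__ == "__main__":
    for idx, tags in scan(SAMPLE_REQUESTS):
        print(f"request {idx}: {', '.join(tags)}")
```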