CVE-2024-56901
📋 TL;DR
This CSRF vulnerability in Geovision GV-ASWeb lets an attacker create administrator accounts without holding any credentials, by tricking an already authenticated user into visiting a malicious web page. It affects version 6.1.1.0 and earlier, and is typically chained with CVE-2024-56903 for successful exploitation.
💻 Affected Systems
- Geovision GV-ASWeb
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control over the Geovision system, enabling surveillance disruption, data theft, or physical security compromise.
Likely Case
Unauthorized administrator accounts are created, leading to privilege escalation and potential system takeover.
If Mitigated
With proper CSRF protections, the attack fails even if users visit malicious pages.
🎯 Exploit Status
Exploitation requires chaining with another vulnerability and social engineering to trick authenticated users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 6.1.2.0 or later
Vendor Advisory: https://www.geovision.com.tw/security-advisory
Restart Required: No
Instructions:
1. Download the latest version from the Geovision website.
2. Back up the current configuration.
3. Install the update following the vendor's instructions.
4. Verify the installation.
🔧 Temporary Workarounds
Implement CSRF Tokens
Add anti-CSRF tokens to all administrative forms and validate them server-side.
SameSite Cookie Attribute
Set SameSite=Strict or SameSite=Lax on session cookies so the browser does not attach them to cross-site requests.
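As an added example (not Geovision code), this is how a defender would apply the two workarounds above in a single server-side gate for an administrative endpoint: reject non-POST requests for state-changing actions (the reported attack rides on GET), require a same-origin Origin/Referer, and validate a session-bound anti-CSRF token in constant time. The secret key, origin and session id are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed values for the example: in a deployment the secret comes from
# protected server-side configuration and the origin from the real hostname.
SECRET_KEY = b"example-only-secret-do-not-reuse"
ALLOWED_ORIGIN = "https://gv-asweb.example.internal"  # assumed deployment origin

def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value carrying the SameSite attribute the workaround
    recommends; Secure and HttpOnly are added as standard hardening."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"

def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: nonce.HMAC(secret, session_id:nonce).
    Embed it as a hidden field in every administrative form."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"

def csrf_token_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)

def same_origin(url: str) -> bool:
    """Exact scheme+host match; a prefix check would accept look-alike hosts."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN

def authorize_admin_action(method: str, headers: dict, form: dict, session_id: str) -> tuple:
    """Gate a state-changing administrative endpoint such as account creation.
    Returns (allowed, reason)."""
    # 1. State changes must require POST; a GET-triggered create is the attack shape.
    if method.upper() != "POST":
        return False, "state-changing admin actions must use POST"
    # 2. Fail closed when Origin/Referer is missing or belongs to another site.
    if not same_origin(headers.get("Origin") or headers.get("Referer", "")):
        return False, "request origin not allowed"
    # 3. Server-side validation of the anti-CSRF token from the form body.
    if not csrf_token_valid(session_id, form.get("csrf_token", "")):
        return False, "missing or invalid CSRF token"
    return True, "ok"
```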
🧯 If You Can't Patch
- Isolate the GV-ASWeb application behind a VPN or internal network only.
- Implement web application firewall rules to block suspicious GET requests to administrative endpoints.
🔍 How to Verify
Check if Vulnerable:
Check GV-ASWeb version in application interface or configuration files.
Check Version:
Check Help > About in GV-ASWeb interface or examine installation directory version files.
Verify Fix Applied:
Verify version is 6.1.2.0 or later and test CSRF protection mechanisms.
📡 Detection & Monitoring
Log Indicators:
- Unexpected administrator account creation events
- GET requests to user creation endpoints from unusual sources
Network Indicators:
- Multiple failed authentication attempts followed by successful admin creation
- Cross-origin requests to administrative endpoints
SIEM Query:
source="gv-asweb" AND (event="user_created" OR event="admin_created")