EOL GeoVision Devices Vulnerable to OS Command Injection Attacks
CVE-2024-11120
Key Information:
- Vendor: GeoVision
- CVE Published: 15 November 2024
What is CVE-2024-11120?
A vulnerability in certain end-of-life (EOL) GeoVision devices has been identified and classified as OS command injection. It allows an unauthenticated remote attacker to inject and execute arbitrary operating-system commands on the affected device. The flaw has already been exploited in the wild. Because the affected models are end-of-life, a firmware fix should not be expected; organizations still running them should inventory the units, keep them off the internet, and plan for replacement.
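The vulnerability class described above, shown as an added example that is not GeoVision's code (the affected handler is not published on this page): a hypothetical C CGI handler on an embedded device that pings a host supplied in a request parameter. The unsafe builder pastes the parameter into a shell command line, so a ';' in the input becomes a second command once the string reaches system(); the hardened path validates the value against a positive allowlist and then executes without any shell. The attacker string, the function names and the ping handler itself are assumptions for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define HOST_MAX 253   /* longest legal DNS name */

/* VULNERABLE pattern: the untrusted parameter is pasted into a shell command
 * line. If this string is handed to system(), /bin/sh treats ';', '|', '&',
 * '`' and "$(" as command separators. Returns the would-be command line. */
int build_cmd_unsafe(const char *host, char *out, size_t outlen)
{
    return snprintf(out, outlen, "ping -c 1 %s", host);
}

/* Returns 1 if the untrusted value contains a character /bin/sh interprets. */
int has_shell_meta(const char *s)
{
    return strpbrk(s, ";|&`$()<>\n\r'\"\\") != NULL;
}

/* HARDENED step 1: positive validation. Only characters that occur in a
 * hostname or dotted IPv4 address are accepted, the length is bounded, and a
 * leading '-' is refused so the value cannot be parsed as a ping option. */
int is_safe_host(const char *host)
{
    size_t n = strlen(host);
    if (n == 0 || n > HOST_MAX || host[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/* HARDENED step 2: no shell at all. Each value is one argv element passed to
 * execvp(), so a metacharacter is a literal argument, never a separator.
 * Returns the child's exit status, or -1 on fork/wait failure. */
int run_argv_no_shell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);            /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Safe handler: validate first, then exec without a shell.
 * Returns -2 when the input is rejected, otherwise ping's exit status. */
int ping_host_safely(const char *host)
{
    if (!is_safe_host(host))
        return -2;
    char *argv[] = { "ping", "-c", "1", (char *)host, NULL };
    return run_argv_no_shell(argv);
}

int main(void)
{
    /* Constructed attacker input for illustration, not a payload from any advisory. */
    const char *evil = "192.0.2.5; id";
    char cmd[512];

    build_cmd_unsafe(evil, cmd, sizeof cmd);
    printf("unsafe command line: %s\n", cmd);
    printf("shell metacharacters in input: %s\n", has_shell_meta(evil) ? "yes" : "no");
    printf("hardened handler rejects input: %s\n",
           ping_host_safely(evil) == -2 ? "yes" : "no");
    return 0;
}
```

The allowlist is deliberately narrower than "reject known bad characters": a denylist of metacharacters misses encodings and shell features the author did not think of, whereas a positive grammar for a hostname leaves nothing to discover. Keeping execvp() as the second layer means that even a validation bug cannot turn the parameter into a command.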
CISA has added CVE-2024-11120 to its Known Exploited Vulnerabilities catalog
CISA tracks the vulnerabilities most likely to cause harm and has identified CVE-2024-11120 as exploited in the wild. It is not currently known to CISA to be used in ransomware campaigns, although that assessment can change quickly.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
- GV-DSP_LPR_V3: all versions (model is end-of-life; no fixed release)
- GV-VS11: all versions (model is end-of-life; no fixed release)
- GV-VS12: all versions (model is end-of-life; no fixed release)
News Articles
- CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
  CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- Botnet exploits GeoVision zero-day to install Mirai malware
  A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks.
EPSS Score
54% probability of exploitation activity in the next 30 days.
Timeline (most recent first)
- CISA reported (added to the Known Exploited Vulnerabilities catalog)
- Public PoC available
- Exploit known to exist
- First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability reserved