Sensitive Information Disclosure Vulnerability in GeoVision GV-ASManager Due to Lack of Authorization
CVE-2024-12553

6.5MEDIUM

Key Information:

Vendor: Geovision
Status: Gv-asmanager
Vendor: CVE Published:; 13 December 2024

What is CVE-2024-12553?

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.

The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GV-ASManager 6.1.0

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1682/

x_research-advisory

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024

JSON

Geovision