Cross-Site Request Forgery in Geovision GV-ASWeb Allows Arbitrary Operations
CVE-2024-56903

8.1HIGH

Key Information:

Vendor: Geovision
Status: GV-ASWeb
Vendor: CVE Published:; 3 February 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in Geovision's GV-ASWeb application, specifically in versions 6.1.1.0 and earlier. This flaw allows attackers to manipulate users into unwittingly submitting crafted HTTP requests, potentially executing unauthorized actions on behalf of the victim. The exploitation of this vulnerability poses serious risks to the security and integrity of the application, requiring immediate attention from users and administrators to apply necessary security measures.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-56903
Created by DRAGOWN

References

https://github.com/DRAGOWN/CVE-2024-56903

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Feb 3, 2025
👾
Exploit known to exist
Feb 3, 2025
Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 9, 2025