EOL GeoVision Devices Vulnerable to Command Injection Attacks
CVE-2024-6047

9.8CRITICAL

Key Information:

Vendor

Geovision

Status
Gv Dsp Lpr V2
Gv Ipcamd Gv Bx1500
Gv Ipcamd Gv Cb220
Gv Ipcamd Gv Ebl1100
Vendor
CVE Published:
17 June 2024

Badges

📈 Score: 1,240👾 Exploit Exists🟣 EPSS 75%🦅 CISA Reported📰 News Worthy

What is CVE-2024-6047?

CVE-2024-6047 is identified as a significant command injection vulnerability affecting certain end-of-life (EOL) GeoVision devices. GeoVision is known for its comprehensive video surveillance and security solutions, widely utilized in various sectors for managing and monitoring security systems. The vulnerability arises from inadequate input validation within specific device functionalities, enabling unauthenticated remote attackers to exploit this weakness. By successfully manipulating the input, attackers can inject and execute arbitrary system commands directly on these devices, potentially leading to unauthorized access and control over the compromised systems. This can have severe implications for organizations relying on these devices for security and monitoring, as it exposes them to a greater risk of system compromise and data breaches.

Potential impact of CVE-2024-6047

  1. Unauthorized Access and Control: The most significant risk associated with CVE-2024-6047 is the potential for unauthorized attackers to gain control over vulnerable devices. This can lead to manipulation of security settings, disabling of surveillance features, or the use of compromised devices as entry points for broader network attacks.

  2. Data Breaches and Loss: Exploitation of this vulnerability can also result in unauthorized access to sensitive data captured by the devices, such as video footage or personal information. This can lead to severe data breaches, regulatory violations, and loss of trust among stakeholders.

  3. Increased Attack Surface: The exposure of these vulnerabilities in widely used security devices increases the attack surface for organizations. If attackers gain control of a subset of devices, they may leverage them to launch further attacks against the internal network, potentially leading to widespread system disruptions or ransomware deployments.

CISA has reported CVE-2024-6047

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-6047 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

GV VS04A all

GV VS04H all

GV_DSP_LPR_V2 all

News Articles

favicon imageCISA (.gov)

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

2 weeks ago

References

https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
third-party-advisory

EPSS Score

75% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by CISA (.gov)

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-6047 : EOL GeoVision Devices Vulnerable to Command Injection Attacks