CVE-2024-12553

EPSS 0.12%
Published 13.12.2024 23:15:06
Last modified 14.08.2025 18:47:20
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.

The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Geovision ≫ Gv-asmanager Version6.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.321

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
zdi-disclosures@trendmicro.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.zerodayinitiative.com/advisories/ZDI-24-1682/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-12553

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12553

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12553

EUVD