CVE-2024-12553

EPSS 0.12%
Veröffentlicht 13.12.2024 23:15:06
Zuletzt bearbeitet 14.08.2025 18:47:20
Quelle zdi-disclosures@trendmicro.com
Teams Watchlist Login
Unerledigt Login

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.

The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Geovision ≫ Gv-asmanager Version6.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.321

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.zerodayinitiative.com/advisories/ZDI-24-1682/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-12553

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12553

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12553

EUVD