CVE-2024-56901

CVSS 8.8 HIGHEPSS 1.7%CWE-352

A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF attack.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 2

githubgithub.com/DRAGOWN/CVE-2024-56901★ 2 exploitdbwww.exploit-db.com/exploits/52187unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/DRAGOWN/CVE-2024-56901