CVE-2024-56903
Published: 03 February 2025
Description
Geovision GV-ASWeb version 6.1.1.0 and earlier allows attackers to replace the POST request method with GET on critical functionality, such as account management. This vulnerability is chained with CVE-2024-56901 to carry out a successful CSRF attack.
Security Summary
CVE-2024-56903 affects Geovision GV-ASWeb in versions 6.1.1.0 and earlier. The vulnerability lets attackers change the request method from POST to GET on critical functionality, such as account management. Classified as CWE-352 (Cross-Site Request Forgery), it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) and was published on 2025-02-03.
Remote attackers require no privileges but need user interaction to exploit this issue. By tricking authenticated users into visiting malicious sites or clicking links, attackers can alter request methods to perform unauthorized actions on critical endpoints. The vulnerability is explicitly chained with CVE-2024-56901 to enable successful CSRF attacks, resulting in high impacts to integrity and availability, such as unauthorized account modifications.
Further details, including potential mitigation guidance, are available in the GitHub repository at https://github.com/DRAGOWN/CVE-2024-56903.
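For defenders reviewing web server logs for the POST-to-GET method swap described above, the following is an added detection example, not code from the advisory or from Geovision. The endpoint paths, host name and log lines are constructed placeholders; substitute the state-changing paths of the deployment under review.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: paths that change state and should only ever be reached by POST.
# Hypothetical placeholders, not GV-ASWeb's real endpoints.
STATE_CHANGING_PATHS = ("/account/create", "/account/update", "/account/delete")

# Combined log format: ip ident user [time] "METHOD target PROTO" status size "referer"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def find_method_swaps(lines, own_host):
    """Return findings for GET requests that carried form fields to state-changing paths."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().startswith(STATE_CHANGING_PATHS):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if not params:
            continue  # no form fields moved into the query string
        referer_host = urlsplit(m["referer"] or "").hostname
        findings.append({
            "time": m["time"],
            "path": url.path,
            "params": sorted(params),
            "accepted": m["status"].startswith(("2", "3")),  # server honoured the GET
            "cross_site": referer_host not in (None, own_host),  # CSRF indicator
        })
    return findings

# Constructed sample log lines (documentation addresses and host names).
OWN_HOST = "asweb.example.test"
SAMPLE = [
    '192.0.2.10 - admin [03/Feb/2025:10:00:01 +0000] "POST /account/update HTTP/1.1" 200 512 "https://asweb.example.test/account/edit" "Mozilla/5.0"',
    '192.0.2.10 - admin [03/Feb/2025:10:05:42 +0000] "GET /account/update?name=op1&email=x HTTP/1.1" 200 498 "https://other.example.net/page.html" "Mozilla/5.0"',
    '192.0.2.10 - admin [03/Feb/2025:10:06:00 +0000] "GET /account/list HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [03/Feb/2025:10:07:13 +0000] "GET /account/delete?user=op2 HTTP/1.1" 405 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in find_method_swaps(SAMPLE, OWN_HOST):
        print(finding)
```

A finding with both `accepted` and `cross_site` set is the combination to triage first: the server honoured a GET on a state-changing path and the request originated from another site.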
Details
- CWE(s)