Warning: Critical Vulnerability In Various End-Of-Life GeoVision Devices All

Reference: Advisory #2024-90
Version: 1.0
Affected software: Various end-of-life GeoVision devices (full list in description)
Type: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
CVE/CVSS: CVE-2024-6047: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Risks

Due to an OS command injection vulnerability, attackers can take remote control of various end-of-life (EOL) GeoVision devices. Attackers might use this access as an entry point to compromise your network.

The Centre for Cybersecurity Belgium (CCB) recommends replacing the EOL devices with newer, supported models as the vendor discontinued support of the affected devices. Consider isolating devices like security cameras, access control, security management systems etc. in an isolated VLAN without internet access. Analyse system and network logs for any suspicious activity. This report has instructions to help your organisation.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

Description

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality.

Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

The following products are affected:

  • DSP LPR: GV_DSP_LPR_V2
  • IP Cameras: GV_IPCAMD_GV_BX1500, GV_IPCAMD_GV_CB220, GV_IPCAMD_GV_EBL1100, GV_IPCAMD_GV_EFD1100, GV_IPCAMD_GV_FD2410, GV_IPCAMD_GV_FD3400, GV_IPCAMD_GV_FE3401, GV_IPCAMD_GV_FE420
  • Video Servers: GV-VS14_VS14, GV_VS03, GV_VS2410, GV_VS28XX, GV_VS216XX, GV VS04A, GV VS04H
  • DVRs: GVLX 4 V2, GVLX 4 V3

As these products are end-of-life, the recommended action is to retire these devices and replace them with newer, supported models. Consider isolating the devices in an isolated VLAN without internet access.

Recommended Actions

Retire end-of-life devices

The CCB strongly recommends retiring the affected devices and replacing them with newer, supported products.

Isolate OT devices

The CCB also strongly recommends isolating physical security and building management devices like security cameras, access control, and security management systems in a separate VLAN without internet access.

Monitor/Detect

The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
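One way to check the isolation and monitoring recommendations against firewall flow logs, as an added example that is not part of the CCB advisory: it flags every flow between the device VLAN and a non-internal address. The VLAN subnet, the internal ranges and the log format are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions: the subnet of the isolated device VLAN and the site's internal ranges.
ISOLATED_VLAN = ipaddress.ip_network("10.50.0.0/24")
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records in an assumed format: timestamp src dst dport action
SAMPLE_FLOWS = """\
2024-06-20T08:00:01Z 10.50.0.21 10.50.0.5 554 ALLOW
2024-06-20T08:00:07Z 10.50.0.21 203.0.113.40 443 ALLOW
2024-06-20T08:01:12Z 198.51.100.9 10.50.0.33 80 ALLOW
2024-06-20T08:02:30Z 10.50.0.33 192.0.2.77 23 DENY
2024-06-20T08:03:00Z 10.20.1.15 10.50.0.5 443 ALLOW
malformed line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_isolation_violations(log_text):
    """Return flows between the isolated VLAN and any non-internal address."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        ts, src_s, dst_s, dport_s, action = parts
        try:
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            dport = int(dport_s)
        except ValueError:
            continue
        if src in ISOLATED_VLAN and not is_internal(dst):
            direction = "outbound"
        elif dst in ISOLATED_VLAN and not is_internal(src):
            direction = "inbound"
        else:
            continue
        # An allowed flow means the isolation is not effective; a denied one
        # shows the control held but the attempt still deserves a look.
        status = "isolation-gap" if action == "ALLOW" else "blocked-attempt"
        findings.append((ts, direction, status, src_s, dst_s, dport))
    return findings

if __name__ == "__main__":
    for finding in find_isolation_violations(SAMPLE_FLOWS):
        print(*finding)
```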

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.