Warning: Critical Vulnerability In Various End-Of-Life GeoVision Devices
CVE-2024-6047: CVSS 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
- https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
- https://securityonline.info/cve-2024-6047-cvss-9-8-urgent-security-risk-for-geovision-users/
Risks
Due to an OS command injection vulnerability, attackers can take remote control over various end-of-life (EOL) GeoVision devices. Attackers might use this access as an entry point to compromise your network.
The Centre for Cybersecurity Belgium (CCB) recommends replacing the EOL devices with newer, supported models as the vendor discontinued support of the affected devices. Consider isolating devices like security cameras, access control, security management systems etc. in an isolated VLAN without internet access. Analyse system and network logs for any suspicious activity. This report has instructions to help your organisation.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
Description
Certain EOL GeoVision devices fail to properly filter user input for a specific functionality.
Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
The following products are affected:
- DSP LPR: GV_DSP_LPR_V2
- IP Cameras: GV_IPCAMD_GV_BX1500, GV_IPCAMD_GV_CB220, GV_IPCAMD_GV_EBL1100, GV_IPCAMD_GV_EFD1100, GV_IPCAMD_GV_FD2410, GV_IPCAMD_GV_FD3400, GV_IPCAMD_GV_FE3401, GV_IPCAMD_GV_FE420
- Video Servers: GV-VS14_VS14, GV_VS03, GV_VS2410, GV_VS28XX, GV_VS216XX, GV VS04A, GV VS04H
- DVRs: GVLX 4 V2, GVLX 4 V3
As these products are end-of-life, the recommended action is to retire these devices and replace them with newer, supported models. Consider isolating the devices in an isolated VLAN without internet access.
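To locate these models in an asset inventory, the following Python example (added here, not part of the CCB advisory) matches inventory model strings against the identifiers listed above, ignoring case and separators. The CSV columns, host names and addresses are constructed, and two matching rules are assumptions: that a trailing XX denotes a model family, and that inventories may omit the GV_IPCAMD_ prefix.

```python
import csv
import io
import re

# Identifiers copied verbatim from the advisory's affected-products list.
AFFECTED = [
    "GV_DSP_LPR_V2", "GV_IPCAMD_GV_BX1500", "GV_IPCAMD_GV_CB220",
    "GV_IPCAMD_GV_EBL1100", "GV_IPCAMD_GV_EFD1100", "GV_IPCAMD_GV_FD2410",
    "GV_IPCAMD_GV_FD3400", "GV_IPCAMD_GV_FE3401", "GV_IPCAMD_GV_FE420",
    "GV-VS14_VS14", "GV_VS03", "GV_VS2410", "GV_VS28XX", "GV_VS216XX",
    "GV VS04A", "GV VS04H", "GVLX 4 V2", "GVLX 4 V3",
]

def norm(s):
    """Uppercase and drop separators: 'GV-VS04A', 'gv_vs04a', 'GV VS04A' compare equal."""
    return re.sub(r"[^A-Z0-9]", "", s.upper())

def build_patterns(identifiers):
    patterns = []
    for ident in identifiers:
        # Assumption: inventories may record only the model after the GV_IPCAMD_ prefix.
        names = {ident, ident.removeprefix("GV_IPCAMD_")}
        for name in names:
            n = norm(name)
            # Assumption: a trailing XX names a model family (any two characters).
            rx = re.escape(n[:-2]) + "[A-Z0-9]{2}" if n.endswith("XX") else re.escape(n)
            patterns.append((ident, re.compile(rx)))
    return patterns

def find_affected(csv_text):
    """Return (hostname, ip, model, advisory_identifier) for each matching inventory row."""
    patterns = build_patterns(AFFECTED)
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        model = norm(row["model"])
        for ident, rx in patterns:
            if rx.search(model):  # substring match: errs toward over-flagging
                hits.append((row["hostname"], row["ip"], row["model"], ident))
                break
    return hits

# Constructed sample inventory (hypothetical hosts, documentation-range addresses).
SAMPLE_INVENTORY = """hostname,ip,model
cam-lobby,192.0.2.10,GV-BX1500
vs-gate,192.0.2.20,gv_vs2820
lpr-park,192.0.2.30,GV_DSP_LPR_V2
dvr-old,192.0.2.40,GVLX 4 V3
cam-new,192.0.2.50,EXAMPLE-CAM-100
"""
```

Calling `find_affected(SAMPLE_INVENTORY)` returns the four GeoVision rows and skips `cam-new`. A device that does not match is not thereby shown to be unaffected; inventory naming may differ from the advisory's identifiers.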
Recommended Actions
Retire end-of-life devices
The CCB strongly recommends retiring the affected devices and replacing them with newer, supported products.
Isolate OT devices
The CCB also strongly recommends isolating physical security and building management devices like security cameras, access control, and security management systems in a separate VLAN without internet access.
Monitor/Detect
The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.