CISA Adds Critical GeoVision Device Flaws to Known Exploited Vulnerabilities Catalog

TL;DR

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities in GeoVision devices to its Known Exploited Vulnerabilities (KEV) catalog. These flaws, which include OS command injection vulnerabilities, pose significant risks because they have been actively exploited by attackers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These include flaws in Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server. Notably, the agency has highlighted severe OS command injection vulnerabilities in GeoVision devices, which have been actively exploited by malicious actors.

Critical Vulnerabilities Identified

Below are the details of the identified vulnerabilities:

  • CVE-2024-6047: This vulnerability, with a CVSS score of 9.8, affects multiple end-of-life (EOL) GeoVision devices. The flaw arises from inadequate filtering of user input, allowing unauthenticated remote attackers to execute arbitrary system commands on the device.

  • CVE-2024-11120: Also scoring 9.8 on the CVSS scale, this vulnerability enables unauthenticated remote attackers to inject and execute arbitrary system commands. Researchers at the Shadowserver Foundation observed a botnet exploiting this zero-day flaw in November 2024. The affected EOL products include GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, and GVLX 4 V3. The advisory published by TWCERT confirms that this vulnerability has been actively exploited. The botnet was used for DDoS and cryptomining attacks, with approximately 17,000 Internet-facing GeoVision devices vulnerable to CVE-2024-11120, primarily located in the United States, Germany, Taiwan, and Canada.
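
Both flaws above are described as OS command injection caused by inadequate filtering of user input. The post contains no code and does not describe the affected interfaces, so the following is an added, generic illustration of that vulnerability class and its usual remediation, not GeoVision's code: a hypothetical device web handler that takes a `host` parameter for a diagnostic ping. The weak form concatenates the value into a shell command string; the hardened form validates the value against an allowlist of hostname characters and then executes an argv list with no shell involved. The parameter name, regex and sample inputs are constructed for this example.

```python
import re
import subprocess

# Hypothetical device web-handler parameter, constructed for this example.
# This is a generic illustration of the OS command injection class, not
# GeoVision's code or interface.
HOST_RE = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9][A-Za-z0-9.-]*$")


def vulnerable_command(host: str) -> str:
    """Weak pattern: the request value is concatenated into a shell command
    string that is later handed to the shell, so any shell metacharacters
    the caller includes are interpreted instead of being treated as part of
    the host name. Shown only to contrast with the hardened form below."""
    return "ping -c 1 " + host  # would be executed with shell=True


def validate_host(host: str) -> bool:
    """Allowlist validation: only characters that can appear in a hostname
    or IPv4 address. Everything else (';', '|', '&', '$', '`', quotes,
    whitespace, newlines) is rejected rather than escaped."""
    return HOST_RE.fullmatch(host) is not None


def hardened_argv(host: str) -> list[str]:
    """Hardened pattern: validate against the allowlist, then build an argv
    list so no shell is involved and the value is a single argument."""
    if not validate_host(host):
        raise ValueError("host parameter rejected by allowlist")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """Execute the hardened form; a list argv means shell=False."""
    completed = subprocess.run(hardened_argv(host), capture_output=True, timeout=10)
    return completed.returncode


if __name__ == "__main__":
    for candidate in ["192.0.2.10", "camera.example.internal", "192.0.2.10; echo injected"]:
        verdict = "accepted" if validate_host(candidate) else "rejected"
        print(f"{candidate!r} -> {verdict}")
```

The point of the allowlist is that it rejects rather than escapes: escaping rules differ between shells and are easy to get wrong, whereas refusing anything outside the expected character set and avoiding the shell entirely removes the interpretation step the attack depends on.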

Mitigation Measures

According to the Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must address these vulnerabilities by the specified due date to safeguard their networks. CISA has mandated that federal agencies fix these vulnerabilities by May 28, 2025.

Additionally, CISA recommends that private organizations review the KEV catalog and address any identified vulnerabilities within their infrastructure.
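
The recommended workflow is to compare the KEV catalog against your own asset inventory and track the due date for each match. As an added example (not part of the post or of any CISA tooling), the script below does that against a constructed excerpt in the shape of CISA's KEV JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json). The field names follow the real feed; the catalog entries and the host inventory are constructed, and only the two CVE ids, the vendor and the May 28, 2025 due date come from the post. A real run would download the feed and pull the inventory from a scanner or CMDB.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. Field names
# (cveID, vendorProject, product, dueDate) follow the real feed; the entries
# are constructed for this example. Dates and ids not in the post are
# placeholders.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-6047", "vendorProject": "GeoVision",
         "product": "Multiple Devices", "dueDate": "2025-05-28"},
        {"cveID": "CVE-2024-11120", "vendorProject": "GeoVision",
         "product": "Multiple Devices", "dueDate": "2025-05-28"},
        # Placeholder entry, not a real CVE, to show non-matching catalog rows.
        {"cveID": "CVE-2099-00001", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dueDate": "2030-01-01"},
    ],
})

# Constructed asset inventory: CVE ids a scanner reported per host.
INVENTORY = {
    "cam-01.example.internal": ["CVE-2024-11120", "CVE-2024-6047"],
    "cam-02.example.internal": ["CVE-2024-11120"],
    "nvr-01.example.internal": ["CVE-2099-00002"],  # placeholder, not in KEV
}


def load_kev(feed_json: str) -> dict[str, dict]:
    """Index the KEV feed by CVE id for O(1) lookups."""
    data = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def triage(inventory: dict[str, list[str]], kev: dict[str, dict], today: date) -> list[dict]:
    """Return one finding per (host, CVE) pair that appears in KEV, flagged
    as overdue when the catalog due date has passed, earliest due first."""
    findings = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # vulnerable, but not known-exploited per CISA
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": host,
                "cve": cve,
                "vendor": entry["vendorProject"],
                "product": entry["product"],
                "dueDate": due,
                "overdue": today > due,
            })
    findings.sort(key=lambda f: (f["dueDate"], f["host"], f["cve"]))
    return findings


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)
    for f in triage(INVENTORY, kev, date.today()):
        state = "OVERDUE" if f["overdue"] else "due"
        print(f"{f['host']}: {f['cve']} ({f['vendor']} {f['product']}) {state} {f['dueDate']}")
```

Hosts whose findings are not in KEV still need patching, but the KEV matches are the ones with a known exploitation history and, for FCEB agencies, a BOD 22-01 deadline, so they sort to the top of the remediation queue.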

Stay Informed

For the latest updates, follow @securityaffairs on Twitter, Facebook, and Mastodon. You can also connect with Pierluigi Paganini on LinkedIn.

For more details, visit the full article: source.

Conclusion

The addition of these critical GeoVision device flaws to CISA’s KEV catalog underscores the urgent need for both federal agencies and private organizations to address and mitigate these vulnerabilities promptly. Failure to do so could result in severe security breaches and potential exploitation by malicious actors.

This post is licensed under CC BY 4.0 by the author.