CVE-2024-56898
Published: 03 February 2025
Summary
CVE-2024-56898 is a high-severity Improper Access Control (CWE-284) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 8.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-3 enforces approved authorizations for access to system resources, directly preventing low-privilege users from performing unauthorized administrative actions like privilege escalation and account management.
AC-6 applies least privilege to restrict users and processes to only necessary accesses, mitigating privilege escalation by low-privilege users in the vulnerable system.
AC-2 manages account lifecycle processes including creation, modification, and deletion, ensuring only authorized personnel can perform these actions exploited by the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Broken access control directly enables privilege escalation from low-priv accounts (T1068) and unauthorized account creation/modification/deletion (T1098/T1136).
NVD Description
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.
Deeper analysisAI
CVE-2024-56898 is a broken access control vulnerability affecting Geovision GV-ASWeb in versions v6.1.0.0 and lower. It enables low-privilege users to perform unauthorized actions, which can be exploited to escalate privileges as well as create, modify, or delete accounts. The vulnerability is classified under CWE-284 (Improper Access Control) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and potential for significant impacts on confidentiality, integrity, and availability.
The vulnerability can be exploited by low-privilege users (PR:L) over the network without requiring user interaction. Attackers with initial low-level access, such as standard authenticated users, can leverage the broken access controls to perform administrative actions, including privilege escalation and full account lifecycle management (creation, modification, deletion). This could allow compromise of the entire system by elevating to higher privileges.
Further details, including potential mitigation steps, are available in the advisory at https://github.com/DRAGOWN/CVE-2024-56898.
Details
- CWE(s)