Cyber Posture

CVE-2024-56901

High

Published: 03 February 2025
Modified: 15 April 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0059 (69.2nd percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56901 is a high-severity Cross-Site Request Forgery (CSRF, CWE-352) vulnerability with a CVSS v3.1 base score of 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 30.8% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one further technique, Create Account (T1136). What defenders deploy: the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- SC-23 Session Authenticity (prevent): Requires mechanisms such as CSRF tokens to protect session authenticity, directly preventing forged GET requests from creating unauthorized administrator accounts.
- SI-2 Flaw Remediation (prevent): Mandates timely identification, reporting, and correction of the specific CSRF flaw, eliminating the vulnerability exploited to create admin accounts.
- Account management control (prevent): Enforces authorized processes for account creation and management, mitigating unauthorized admin account provisioning via CSRF-forged requests.
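The SC-23 control above describes the generic defence against this class of flaw: a state-changing action must not be reachable via a forgeable GET, and the request must carry a secret bound to the user's session. The following is an added illustration written for this page, not GV-ASWeb code; the handler, the `Session` model, the in-memory `ACCOUNTS` store and the `SITE_ORIGIN` value are all hypothetical. It shows an account-creation handler that refuses GET, verifies the browser-set `Origin` header as defence in depth, and checks a synchronizer token in constant time before any account is written.

```python
"""Synchronizer-token CSRF protection around an administrative account-creation action.

Hypothetical, self-contained model of a web request handler (not the GV-ASWeb application's code).
"""
import hmac
import secrets
from dataclasses import dataclass, field

STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
SITE_ORIGIN = "https://admin.example.test"  # assumed deployment origin of the application


@dataclass
class Session:
    """Server-side session; the CSRF token is generated once per session and never sent in a URL."""
    user: str
    is_admin: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


# Constructed in-memory account store standing in for the application's database.
ACCOUNTS: dict[str, str] = {"admin": "Administrator"}


def create_account(username: str, role: str) -> None:
    """The privileged operation; only reachable after every check in handle_create_account passes."""
    ACCOUNTS[username] = role


def handle_create_account(method: str, headers: dict, params: dict, session: Session) -> tuple[int, str]:
    """Validate a request to create an account and return an (HTTP status, message) pair."""
    # 1. State-changing actions must never be served over GET: a GET is trivially forged by
    #    an embedded image or link, so a GET-driven account creation is a CSRF by design.
    if method not in STATE_CHANGING_METHODS:
        return 405, "state-changing request must use POST"
    # 2. Authentication and authorization still apply; CSRF checks complement, not replace, them.
    if not session.is_admin:
        return 403, "administrator privileges required"
    # 3. Defence in depth: browsers attach Origin to cross-site POSTs, so a mismatch is rejected.
    #    A missing header is tolerated here because the token check below is the primary control.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    # 4. Synchronizer token: the form body must carry the secret bound to this session.
    #    hmac.compare_digest avoids leaking the token through timing differences.
    supplied = params.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    username = params.get("username", "")
    if not username:
        return 400, "username required"
    create_account(username, params.get("role", "User"))
    return 201, f"account {username} created"


if __name__ == "__main__":
    admin_session = Session(user="alice", is_admin=True)
    # A forged GET, even with a valid token, never reaches create_account().
    print(handle_create_account("GET", {}, {"username": "x", "csrf_token": admin_session.csrf_token}, admin_session))
    # A legitimate same-origin POST carrying the session's token succeeds.
    print(handle_create_account("POST", {"Origin": SITE_ORIGIN},
                                {"username": "bob", "role": "Administrator",
                                 "csrf_token": admin_session.csrf_token}, admin_session))
```

The order of the checks matters for detection as well as prevention: each rejection returns a distinct status and message, so a web-server log showing 405s against the account endpoint or 403s with a foreign `Origin` is a direct indicator of CSRF attempts against an administrator's browser.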

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1136 Create Account (Persistence): Adversaries may create an account to maintain access to victim systems.

Why these techniques?

CSRF in public-facing GV-ASWeb directly enables remote exploitation of the app (T1190) to create unauthorized admin accounts (T1136).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF attack.

Deeper analysis

CVE-2024-56901 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Geovision GV-ASWeb application in versions 6.1.1.0 and earlier. The flaw enables attackers to arbitrarily create Administrator accounts through a crafted GET request, and it is chained with CVE-2024-56903 to complete a successful CSRF attack. It is classified under CWE-352 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

The vulnerability can be exploited by remote attackers with no required privileges over a network, provided they can lure an authenticated user into performing an action such as visiting a malicious webpage (user interaction required). Successful exploitation allows the creation of unauthorized Administrator accounts, potentially granting full control over the application, including high impacts on confidentiality, integrity, and availability.

Mitigation details are available in the advisory published on GitHub at https://github.com/DRAGOWN/CVE-2024-56901, which was referenced alongside the CVE published on 2025-02-03. Security practitioners should consult this resource for patching instructions or workarounds specific to GV-ASWeb.

Details

CWE(s): CWE-352 (Cross-Site Request Forgery)

CVEs Like This One

- CVE-2026-22194 (shared CWE-352)
- CVE-2025-68434 (shared CWE-352)
- CVE-2025-25907 (shared CWE-352)
- CVE-2025-27910 (shared CWE-352)
- CVE-2025-2319 (shared CWE-352)
- CVE-2025-23803 (shared CWE-352)
- CVE-2025-25071 (shared CWE-352)
- CVE-2025-23821 (shared CWE-352)
- CVE-2025-30615 (shared CWE-352)
- CVE-2025-22814 (shared CWE-352)

References

- https://github.com/DRAGOWN/CVE-2024-56901