CVE-2024-56902

Severity: High
Published: 03 February 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: none listed
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.3347 (97.0th percentile)
Risk Priority: 35 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56902 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 3.0% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AU-13 (Monitoring for Information Disclosure).

Deeper analysis

CVE-2024-56902 is an information disclosure vulnerability affecting the Geovision GV-ASManager web application in versions 6.1.0.0 and earlier. The flaw, classified as CWE-200, exposes account information including cleartext passwords. Its CVSS 3.1 score of 7.5 reflects a network attack vector, low attack complexity, and no required privileges or user interaction.

Because no authentication is required, a remote attacker with network access to the application can retrieve credentials that it stores or transmits, potentially enabling further unauthorized access to the access-control management system and the facilities it manages.

The single reference points to a public GitHub repository documenting the CVE, but no official vendor advisories, patches, or mitigation guidance are provided in the available details. The associated EPSS score has remained flat at 0.3347 with no material increase since disclosure.

Vulnerability details

Information disclosure vulnerability in the Geovision GV-ASManager web application, version v6.1.0.0 or earlier, which discloses account information, including cleartext passwords.

CWE(s): CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned mapping)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1552 Unsecured Credentials (Credential Access): Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Direct remote exploitation of the public-facing web application (T1190) yields cleartext credentials, which is the unsecured-credentials pattern described by T1552.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-26001 (shared CWE-200)
- CVE-2024-48125 (shared CWE-200)
- CVE-2026-32609 (shared CWE-200)
- CVE-2025-62188 (shared CWE-200)
- CVE-2026-25146 (shared CWE-200)
- CVE-2025-55190 (shared CWE-200)
- CVE-2025-68438 (shared CWE-200)
- CVE-2026-4020 (shared CWE-200)
- CVE-2024-26477 (shared CWE-200)
- CVE-2026-26069 (shared CWE-200)

Mitigating Controls (NIST 800-53 r5, AI-assigned mapping)

Prevent: IA-5 (Authenticator Management) mandates protection of authenticators such as passwords from unauthorized disclosure and requires that they not be stored or transmitted in cleartext, directly preventing exposure of cleartext credentials by the web application.

Prevent: AC-14 (Permitted Actions Without Identification or Authentication) explicitly limits and authorizes the actions that may be performed without identification or authentication, preventing unauthenticated remote access to endpoints that disclose account information.

Detect: AU-13 (Monitoring for Information Disclosure) requires monitoring the system for unauthorized disclosures of sensitive information, enabling detection of exploitation attempts that retrieve cleartext passwords.