CVE-2024-56903
Published: 03 February 2025
Summary
CVE-2024-56903 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 42.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 (Session Authenticity): Protects the authenticity of communications sessions, directly countering CSRF attacks that forge requests to critical account management functions.
SI-10 (Information Input Validation): Validates information inputs, including the request method and the CSRF token, to block requests that substitute GET for POST against sensitive endpoints.
Requires re-authentication for critical actions like account management, limiting damage from successful CSRF-forged requests.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A CSRF vulnerability in a public-facing web application directly enables exploitation via T1190; the required user interaction through malicious links maps to T1204.001 (User Execution: Malicious Link), leading to unauthorized account actions.
NVD Description
Geovision GV-ASWeb version 6.1.1.0 or earlier allows attackers to change the POST request method to GET against critical functionalities, such as account management. This vulnerability is used in a chain with CVE-2024-56901 for a successful CSRF attack.
Deeper analysis
CVE-2024-56903 affects Geovision GV-ASWeb in versions 6.1.1.0 and earlier. The vulnerability enables attackers to modify POST request methods to GET against critical functionalities, such as account management. Classified as CWE-352 (Cross-Site Request Forgery), it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) and was published on 2025-02-03.
Remote attackers require no privileges but need user interaction to exploit this issue. By tricking authenticated users into visiting malicious sites or clicking links, attackers can alter request methods to perform unauthorized actions on critical endpoints. The vulnerability is explicitly chained with CVE-2024-56901 to enable successful CSRF attacks, resulting in high impacts to integrity and availability, such as unauthorized account modifications.
Further details, including potential mitigation guidance, are available in the GitHub repository at https://github.com/DRAGOWN/CVE-2024-56903.
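As an added illustration, not code from this advisory, from NVD or from Geovision, the following constructed Python handler contrasts the pattern the analysis describes (a state-changing account endpoint that never checks the request method) with a hardened version that enforces POST and a session-bound anti-CSRF token, the checks the SC-23 and SI-10 controls above call for. The function names, session layout and parameter names are hypothetical.

```python
import hmac
import secrets

# Constructed example. A server-side session holds the logged-in user and a
# fresh, unguessable CSRF token that is also embedded in the legitimate form.


def new_session(user="admin"):
    """Create a session with a random CSRF token bound to it (SC-23)."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}


def account_update_vulnerable(method, params, session):
    """Pattern described in the advisory: the handler never looks at the
    request method or at a token, so the same parameters delivered over a
    GET (a link or image URL on a third-party page) are honoured."""
    session["user"] = params.get("new_username", session["user"])
    return 200


def account_update_hardened(method, params, session):
    """Hardened handler: state changes are accepted only on an explicit
    POST carrying a token that matches the session (SI-10)."""
    if method != "POST":
        return 405  # GET and other methods must never change account state
    supplied = params.get("csrf_token", "")
    expected = session["csrf_token"]
    # Constant-time comparison on bytes; a missing or forged token fails.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    session["user"] = params.get("new_username", session["user"])
    return 200


def demo():
    """Return (vulnerable_status, hardened_status) for the same GET request."""
    forged = {"new_username": "attacker"}  # constructed cross-site request
    vuln = account_update_vulnerable("GET", forged, new_session())
    hard = account_update_hardened("GET", forged, new_session())
    return vuln, hard


if __name__ == "__main__":
    print(demo())  # the vulnerable handler returns 200, the hardened one 405
```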
Details
- CWE(s)