GeoVision GV-ASWeb Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in GeoVision GV-ASWeb versions 6.1.2.0 and earlier, within the Notification Settings feature. This vulnerability allows an authenticated attacker with 'System Settings' privileges to execute arbitrary commands on the server, potentially leading to a full system compromise.

Impact

Exploitation of this vulnerability allows for remote code execution on the server, with the potential for full system compromise. An attacker could access, modify, or delete sensitive system information, plant a backdoor, conduct a ransomware attack, or perform lateral movement within the internal network.

Reproduction

To reproduce this vulnerability, an authenticated user with 'System Settings' privileges must access the GV-ASWeb application version 6.1.2.0 or earlier. Once logged in, the user can navigate to the Notification Settings feature and set up a notification for a specific event, such as a failed login attempt. This action triggers the execution of a PowerShell script that can be used to download and execute additional payloads, effectively exploiting the remote code execution vulnerability.

Remediation

Users can update to GeoVision GV-ASWeb version 6.2.0 or later, where this vulnerability has been fixed.