Cyber Security News

GeoVision 0-Day Vulnerability Exploited in the Wild

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which the manufacturer no longer supports.

The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8 and used by a sophisticated botnet.

The security flaw is a pre-authentication command injection vulnerability, which allows attackers to execute arbitrary commands on vulnerable GeoVision devices without requiring authentication.

This poses a significant risk, enabling malicious actors to compromise devices remotely, and giving them full control over the affected systems.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders - Attend Free Webinar

The vulnerability was first reported by Shadowserver Foundation, a respected non-profit organization focused on improving internet security.

In a statement shared on X, Shadowserver confirmed, “We observed a 0-day exploit in the wild used by a botnet targeting GeoVision EOL devices. The pre-auth command injection vulnerability was verified in collaboration with TWCERT & GeoVision & assigned CVE-2024-11120.”

GeoVision, a company known for its video surveillance systems, has since confirmed the existence of the vulnerability in its End-of-Life (EOL) devices, which are no longer receiving security updates.

The collaboration with Shadowserver and Taiwan’s Computer Emergency Response Team (TWCERT) helped verify the issue, but due to the EOL status of many affected devices, patching options remain limited.

Security experts are urging organizations and individuals still using legacy GeoVision devices to take immediate action.

Recommended steps include disconnecting the devices from the internet if updates cannot be applied, segmenting the network, and replacing outdated hardware with more secure alternatives.

The botnet responsible for exploiting CVE-2024-11120 is actively targeting vulnerable devices to expand its network, posing a threat to both individuals and organizations globally.

Additional information on mitigations and workarounds is expected to be shared by relevant authorities in the coming days.

Simplify and speed up Threat Analysis Workflow by Auto-detonating Cyber Attacks in a Malware sandbox

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick to…

2 days ago

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using compromised…

2 days ago

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign targeting…

2 days ago

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global companies,…

2 days ago

REF7707 Hackers Target Windows & Linux Systems with FINALDRAFT Malware

Elastic Security Labs has uncovered a sophisticated cyber-espionage campaign, tracked as REF7707, targeting entities across…

2 days ago

NVIDIA Container Toolkit Vulnerable to Code Execution Attacks

NVIDIA has issued a critical security update to address a high-severity vulnerability discovered in the…

2 days ago