GV-Edge Recording Manager 2.2.3.0 Privilege Escalation

2023.05.08
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-264

# Exploit Title: GV-Edge Recording Manager 2.2.3.0 - Privilege Escalation due Incorrect Default Permissions # Date: 2023-05-04 # Exploit Author: Andrea Intilangelo # Vendor Homepage: https://www.geovision.com.tw - https://gvision.it # Software Link: https://dlcdn.geovision.com.tw/Software/DVD/Paid/GV-EdgeRecordingManager.zip # Version: 2.2.3.0 / Installer version: 12.0.0.49974 # Tested on: Windows 10 Pro 22H2 x64 # CVE: CVE-2023-23059 / Vendor Advisory ID: GV-ERM-2023-05 / Article ID: GV4-23-05-03 An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows (Installer version: 12.0.0.49974), which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. Vendor security advisory: Security_Advistory_ERM-2023-05.pdf Timeline: 2023-01-02: Vulnerability discovered, vendor contacted 2023-01-03: Vendor replies, request for CVE reservation, acknowledgments and coordinating for advisory, 2023-01-04: Vendor assigned case S-202301030001, request for internal support and fix, 2023-04-25: Assigned CVE number: CVE-2023-23059, notified Vendor for coordinated disclosure, 2023-05-03: Vendor Security Advisory publication on https://www.geovision.com.tw/cyber_security.php 2023-05-04: CVE publication / disclosure.


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top