Known Exploited Vulnerabilities CVE-2024-11120

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-11120 | GeoVision Devices OS Command Injection Vulnerability | exploitation_technique | T1133 | External Remote Services | |
| CVE-2024-11120 | GeoVision Devices OS Command Injection Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution | |
| CVE-2024-11120 | GeoVision Devices OS Command Injection Vulnerability | primary_impact | T1498 | Network Denial of Service | |

Comments (T1133): Specific end-of-life GeoVision IoT devices contain an insufficient input validation vulnerability that allows for unauthenticated attackers to inject arbitrary commands and execute them on the system.

Comments (T1203): Specific end-of-life GeoVision IoT devices contain an insufficient input validation vulnerability that allows for unauthenticated attackers to inject arbitrary commands and execute them on the system.

Comments (T1498): Specific end-of-life GeoVision IoT devices contain an insufficient input validation vulnerability that allows for unauthenticated attackers to inject arbitrary commands and execute them on the system. This leads to denial of service.