

Ethical Hacking News

Botnet Exploits GeoVision Zero-Day Vulnerability to Install Mirai Malware, Wreaking Havoc on IoT Devices


A critical zero-day vulnerability has been exploited by a botnet to install the notorious Mirai malware on 17,000 GeoVision devices, compromising their functionality and potentially leading to widespread disruption.

  • A critical zero-day vulnerability in end-of-life GeoVision devices has been exploited by a malicious botnet to install the notorious Mirai malware.
  • The flaw is a critical severity OS command injection problem that allows unauthenticated attackers to execute arbitrary system commands on the device.
  • Approximately 17,000 GeoVision devices are exposed online and vulnerable to the CVE-2024-11120 flaw.
  • Device manufacturers must prioritize security updates and support for their products, and consumers need to be aware of the potential risks associated with IoT devices.
  • Continuous monitoring and patching of devices, even those no longer supported by vendors, is crucial to prevent exploitation by malicious actors.



    A critical zero-day vulnerability in end-of-life GeoVision devices has been exploited by a malicious botnet to install the notorious Mirai malware. The flaw, tracked as CVE-2024-11120, is a critical severity (CVSS v3.1 score: 9.8) OS command injection problem that allows unauthenticated attackers to execute arbitrary system commands on the device.

    According to Piotr Kijewski of The Shadowserver Foundation, which discovered the vulnerability, it has already been exploited by attackers, and related reports have been received. The severity of this vulnerability cannot be overstated, as it enables an attacker to inject and execute arbitrary system commands on a device, potentially leading to widespread compromise and exploitation.

    The affected devices include the following models:

    * GV-VS12: A 2-channel H.264 video server that converts analog video signals into digital streams for network transmission.
    * GV-VS11: A single-channel video server designed to digitize analog video for network streaming.
    * GV-DSP LPR V3: A Linux-based system dedicated to license plate recognition (LPR).
    * GV-LX4C V2 / GV-LX4C V3: Compact digital video recorders (DVRs) designed for mobile surveillance applications.

    All of these models have reached the end of life and are no longer supported by the vendor, which means that security updates will not be available to patch this vulnerability. The Shadowserver Foundation reports that approximately 17,000 GeoVision devices are exposed online and vulnerable to the CVE-2024-11120 flaw.

    The attackers behind this botnet appear to be using a variant of the Mirai malware, which is typically used as part of Distributed Denial-of-Service (DDoS) platforms or for cryptomining. Signs that a device has been compromised by the botnet include excessive heating, slow or unresponsive behavior, and arbitrary changes to its configuration.

    If you suspect that your device has been compromised by this botnet, it is essential to take immediate action. Perform a device reset, change the default admin password to something strong, turn off remote access panels, and place the device behind a firewall. Ideally, these devices should be replaced with actively supported models, but if that's impossible, they should be isolated on a dedicated LAN or subnet and closely monitored.
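    The remediation advice above can be turned into a quick inventory triage. The following is an added example, not code from the article or from GeoVision or Shadowserver: it matches an asset inventory against the affected end-of-life models listed earlier and ranks each hit by exposure. The CSV column names, the `10.66.0.0/24` isolation subnet, the P1 to P3 labels and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
import re

# End-of-life models the article lists as affected by CVE-2024-11120,
# stored in normalized form (see normalize()).
AFFECTED = {"GVVS12", "GVVS11", "GVDSPLPRV3", "GVLX4CV2", "GVLX4CV3"}

# Assumption: unsupported devices are meant to live on this dedicated subnet.
ISOLATED_NETS = [ipaddress.ip_network("10.66.0.0/24")]

# Constructed sample inventory; column names are hypothetical.
SAMPLE = """\
host,model,ip,wan_forward
lobby-enc,GV-VS12,192.168.1.40,yes
gate-lpr,GV-DSP LPR V3,192.168.1.41,no
van-dvr,gv_lx4c v2,10.66.0.12,no
dock-cam,ExampleCam X1,192.168.1.50,yes
"""

def normalize(model):
    """Fold case and punctuation so 'gv_lx4c v2' matches 'GV-LX4C V2'."""
    return re.sub(r"[^A-Z0-9]", "", model.upper())

def triage(inventory_csv):
    """Return (host, priority, action) for every affected device."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if normalize(row["model"]) not in AFFECTED:
            continue
        try:
            ip = ipaddress.ip_address(row["ip"].strip())
            isolated = any(ip in net for net in ISOLATED_NETS)
        except ValueError:
            isolated = False  # unparseable address: treat as not isolated
        if row["wan_forward"].strip().lower() == "yes":
            findings.append((row["host"], "P1", "reachable from the internet: "
                             "disable remote access, reset, change admin password"))
        elif not isolated:
            findings.append((row["host"], "P2", "move to the dedicated subnet "
                             "behind a firewall"))
        else:
            findings.append((row["host"], "P3", "isolated: monitor and plan "
                             "replacement"))
    return findings

if __name__ == "__main__":
    for host, priority, action in triage(SAMPLE):
        print(f"{priority} {host}: {action}")
```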

    The discovery of this vulnerability highlights the need for increased vigilance in the IoT sector. As more devices become connected to the internet, the risk of exploitation by malicious actors increases. It is crucial for device manufacturers to prioritize security updates and support for their products, as well as for consumers to be aware of the potential risks associated with IoT devices.

    Furthermore, this incident underscores the importance of continuous monitoring and patching of devices, even those that are no longer supported by vendors. The use of vulnerability scanners and penetration testing can help identify potential vulnerabilities before they can be exploited by malicious actors.

    In conclusion, the exploitation of the CVE-2024-11120 zero-day vulnerability in GeoVision devices is a serious incident that highlights the need for increased security awareness and vigilance in the IoT sector. As we move forward, it is essential to prioritize security updates and support for our devices, as well as to continuously monitor and patch our systems to prevent exploitation by malicious actors.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/botnet-exploits-geovision-zero-day-to-install-mirai-malware/

  • https://en.wikipedia.org/wiki/Mirai_(malware)

  • https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/


  • Published: Fri Nov 15 18:53:00 2024 by llama3.2 3B Q4_K_M













         

